Contents
Configuring Reverse Proxies
A reverse proxy maps internal proxies to external proxies. Reverse proxies are located between a service consumer and a provider back-end system. From here, they route consumer messages to a binding. You can use reverse proxies and/or a load balancers in the Web service environment. To support these components successfully, you must ensure that the Web service URLs exposed by the ABAP application server point to the reverse proxy or load balancer to be addressed.
You can configure a back-end system to support the deployment of a reverse proxy. You can set substitution rules for the host name, the HTTP port, and the HTTPS port, as well as the path prefix for the Web services, so that they point to the reverse proxies or the load balancers in use. This is visible in the following:
- WSDL documents that are exposed directly from the back-end system
- WSDL documents that are published to an SAP services Registry as well as any UDDI-compliant Services Registry
- WSIL documents that are exposed at the back-end system
Prerequisites
Reverse proxy settings are client-specific. You can make different proxy settings for each client.
The operating mode and setting options of the ABAP application server are described for the following versions:
- SAP Netweaver 7.0 Support Package 14+ and SAP Netweaver 7.10
SAP Netweaver 7.01+ and SAP Netweaver 7.11+
Constraints
In SAP Netweaver 7.0 Support Package 14+ and 7.10, protocol changes using reverse proxies are not supported.
Procedure SAP Netweaver 7.0 Support Package 14+ and 7.10
Configuring Reverse Proxies in SAP Netweaver 7.0 Support Package 14+ and 7.10
- In SOA Manager (transaction code SOAMANAGER), go to the Technical Configuration tab and choose System Global Settings.
- Go to the Alternative Hosts tab to specify the alternative URLs.
You can make the following settings:
Query Host Name | Host name that is transferred in the HTTP header and to which the client sends the request. |
Alternative Host | Host name that is used to replace the host name in the binding URLs in the WSDL/WSIL documents. |
Alternative Port (http) | The port number of the HTTP port that is used to replace the HTTP ports in the bindings and metadata URLS |
Alternative Port (https) | The port number of the HTTPS port that is used to substitute the HTTPS port in the binding and metadata URLs. |
Active | Parameter that controls whether the settings of this line are to be used to create alternative URLs The possible values are "A" (for active) and "I" (for inactive). You must set this parameter to the value "A" so that the settings of this line are used. |
Publishing WSDL URLs and binding URLs to the Services Registry in SAP Netweaver 7.0 Support Package 14+ and 7.10
You must have set up a Web service connection between the ABAP application server and the SAP Services Registry. For more information, see SAP Note 1319742.
- In SOA Manager (transaction code SOAMANAGER), go to the Technical Configuration tab and choose System Global Settings.
- Go to the Services Registry tab to define the connections to the Services Registry.
- Make the following settings:
- Alternative Host
- Alternative Port (HTTP and HTTPS)
Constraints SAP Netweaver 7.0 Support Package 14+ and 7.10
In SAP NetWeaver 7.0 SP14+ and SAP NetWeaver 7.10, protocol changes using reverse proxies are not supported.
Example SAP Netweaver 7.0 Support Package 14+ and 7.10
The reverse proxy has the host name "www.sap.com" and uses port 80 for HTTP and port 443 for HTTPS. The ABAP application server has the host name "host01.sap.corp".
The following settings are required to ensure that WSDL documents and WSIL documents that are requested via the reverse proxy contain URLS that also point to the reverse proxy:
Query Host Name: www.sap.com
Alternative Host: www.sap.com
Alternative Port (http): 80
Alternative Port (https): 443
Active: A
The following settings are required to also ensure that WSDL documents and WSIL documents that are requested directly on the application server, without going via the reverse proxy contain URLs that still point to the reverse proxy:
Query Host Name: host01.sap.corp
Alternative Host: www.sap.com
Alternative Port (http): 80
Alternative Port (https): 443
Active: A
The following settings are also required for the relevant SAP Services Registry to ensure that WSDL URLs and binding URLs (which are published in an SAP Services Registry) point to the reverse proxy:
Alternative Host: www.sap.com
Alternative Port (http): 80
Alternative Port (https): 443
Procedure SAP Netweaver 7.01+ and 7.11+
Configuring Reverse Proxies in SAP Netweaver 7.01+ and 7.11+
- In SOA Manager (transaction code SOAMANAGER), go to the Technical Administration tab and choose SAP Client Settings.
- Go to Reverse Proxy Settings.
You can make the following settings:
Reverse proxy name | A unique name for the reverse proxy within the ABAP client, which is assigned freely by the adminstrator. You can use this name to refer to a reverse proxy within the SAP Services Registry settings. |
Incoming HTTP header host name | Host name that is transferred in the HTTP header and to which the client sends the request. You can also enter the wildcard character "" here to clarify that any host name is acceptable. The use of wildcards in combination with other alphanumeric characters (for example,".sap.corp") is not supported. |
Incoming ICM port | HTTP/HTTPS port on which the WSDL request or WSIL request reaches the ABAP application server. If the client transfers the HTTP/HTTPS port in the HTTP header, the system interprets this port as the "Incoming ICM port". You can also enter the wildcard character "" here to clarify that any port is acceptable. The use of wildcards in combination with other numeric characters (for example, "50") is not supported. |
Substitute host name | Host name that is used to replace the host name in the binding URLs in the WSDLs and WSILs. |
Substitute http port | The port number of the HTTP port that is used to replace the HTTP ports in the bindings and metadata URLs |
Substitute https port | The port number of the HTTPS port that is used to substitute the HTTPS port in the binding and metadata URLs. |
Additional path prefix | URL path prefix, which is added as the first element in the original URL path. You can use this optional setting to convey routing information to the reverse proxy. You expect the reverse proxy to remove it from the call URL when forwarding to the ABAP application server. |
Endpoint protocol substitution | You can configure the protocol for accessing the Web service end point. Possible values are "http", "https","config" and "incoming". For the "config" setting, you use the protocol that was specified in the relevant Web service configuration. If you choose the "incoming" setting, the system uses the protocol with which the metadata is accessed to create the alternative end point URL. |
Metadata protocol substitution | You can configure the protocol for accessing Web service metadata (WSDL documents and WSIL documents). Possible values are "HTTP", "HTTPS" and "incoming". |
Active | Parameter that indicates whether the settings of this reverse proxy are to be used to create alternative URLs. The possible values are "active" and "inactive". You must set this parameter to the value "active" so that the settings of this line are used. |
Using Wildcards
If an inbound WSDL query or WSIL query reaches the ABAP application server via a HTTP request, the system uses the host name transferred in the HTTP header and the inbound HTTP/HTTPS
port to try to determine a suitable reverse proxy. By using wildcard characters, several reverse proxies may be suitable for
the host name and port of the inbound query. If this is the case, the WSDL generation determines the specifically-defined reverse proxy using the following priorities:
Priority 1 (highest):
The host name and port of the reverse proxy correspond directly with the parameters of the HTTP request without using wildcards.
Priority 2:
The host name of the reverse proxy corresponds directly with the host name of the HTTP request without using wildcards. You specified a wildcard character for the port of the reverse proxy.
Priority 3:
The port of the reverse proxy corresponds directly with the port from the HTTP request without using wildcards. You specified a wildcard character for the host name of the reverse proxy.
Priority 4:
You specified wildcards for both the host name and the port of the reverse proxy.
Publishing WSDL URLs and binding URLs to the Services Registry in SAP Netweaver 7.01+ and 7.11+
You must have set up a Web service connection between the ABAP aapplication server and the SAP Services Registry. For more information, see SAP Note 1319742.
- Go to the Services Registry tab and choose Services Registry Consumer Settings.
- Specify the reverse proxy name that you have set up to be used with the Services Registry.
If you have set "Metadata protocol substitution" to "incoming" in the referenced proxy, the system publishes all metadata URLs with the protocol HTTP. The system uses the protocol determined by the configuration for the published bindings, provided that you have set the "incoming" value for the setting "Endpoint protocol substitution".
Example SAP Netweaver 7.01+ and 7.11+
The reverse proxy has the host name "www.sap.com" and uses port 80 for HTTP and port 443 for HTTPS. The ABAP application server has the host name "host01.sap.corp".
The following settings are required to ensure that WSDL documents and WSIL documents that are requested via the reverse proxy) contain URLS that also point to the reverse proxy:
Reverse proxy name: PROXY1
Incoming http header host name: www.sap.com
Incoming ICM port: *
Substitute host name: www.sap.com
Substitute http port: 80
Substitute https port: 443
Additional path prefix:
Metadata protocol substitution: incoming
End point protocol substitution: config
Active: active
We recommend that you use the wildcard character "*" for the incoming http header host name (instead of www.sap.com) to ensure that WSDL documents and WSIL documents always point to the reverse proxy, regardless of how the metadata requests reach the application server.
To use this reverse proxy in the Services Registry, specify "PROXY1" in the Services Registry settings.