What do I have to check when using a Reverse Proxy in my system landscape?
The Reverse Proxy must meet the following requirements to work with SAP systems :
1.) The host header name may not be changed by the application gateway.
The SAP system generates absolute URLs based on the host and port information found in the host header name.
2.) The client protocol may not be changed unless signalled to the SAP server.
The incoming protocol version (HTTP or HTTPS) is also used to construct the URL. If there is a requirement to change the protocol from HTTP to HTTPS or vice versa, then an additional header variable has to be set to indicate the protocol to use for URL generation.
The default header variable used to signal the protocol requested by the client is 'ClientProtocol'. For the SAP NetWeaver JAVA this can be changed by modifying the value ProtocolHeaderName in the HTTP Provider Service.
The header variable used by SAP NetWeaver ABAP cannot be modified.
Parameters which are important when using SAP Web Dispatcher as Reverse Proxy:
1.) If there is a change in protocol in the SAP Web Dispatcher, the application server requires this information, to generate absolute URLs (it can get SAP Web Dispatcher host and port names from the header field Host).
This parameter determines whether the protocol between the browser and SAP Web Dispatcher (HTTP or HTTPS) is notified to the application server.
This information is sent in the header field clientprotocol.
2.) If the client IP address is needed in the backend by the application than you have to activate the following parameter.
The parameter determines whether the SAP Web Dispatcher includes the IP address of the client in the header field x-forwarded-for.
If it does, the application on the application server can read the route that the request has taken.
If the parameter has the value false, Web Dispatcher leaves the header field unchanged.
3.) If the SAP Web Dispatcher ports for the configured protocols are needed in the backend by the application than you have to activate the following parameter.
With this parameter the SAP Web Dispatcher notifies the application server of its ports (access points) for the different protocols in an HTTP header.
In the application server the protocol can be switched without any manual configuration (for example, from HTTP to HTTPS), or a redirect can be programmed.
Additional interesting SAP Notes :
929082 Apache as reverse proxy for the SAP Web Application Server
833960 supported Application Gateway Configurations