Managing HTTP Whitelists

Decide which HTTP(S) calls in your system you want to permit or block for different functional areas (for example, redirects, clickjacking protection, CSS style sheets).

If you use an HTTP whitelist, only HTTP calls from URLs in this list are accepted by the system for the respective function (context type). You can call the HTTP whitelist administration from the UCON cockpit (transaction UCONCOCKPIT).

Before SAP NW Release 7.51 SP00, it was only possible to edit the HTTP whitelist using the database table HTTP_WHITELIST. The HTTP whitelist tool offers you the following benefits when compared with this method:

  • You can manage the whitelists of multiple HTTP context types together in a single graphical interface.
  • You can choose to edit the whitelists independently of client, which reduces the amount of work needed.
  • The number of context types is reduced from 11 to 4. Eight of the previous context types were combined into a single context type (Trusted Network Zone) (see Configuring HTTP Context Types).
  • The tool supports you when creating suitable whitelists by using logging and simulation phases.