URL Redirect Protection

SAP 3D Visual Enterprise Viewer can be embedded in a variety of hosting applications. One of its main uses is in Web applications that open online files with SAP 3D Visual Enterprise Viewer. SAP 3D Visual Enterprise Viewer achieves this by accepting a URL pointing to an online resource, managing the download process, and displaying the content to the user. If an application sends SAP 3D Visual Enterprise Viewer a rogue URL with a redirection directive to an unsafe domain, this might pose security issues and compromise SAP products.

The URL Redirect Protection feature provides a defence that ensures URLs redirected to an unknown domain are not loaded. First, redirecting to the same domain as the source URL is always allowed. Second, redirecting to a domain that matches an entry in the white list is also allowed. All other redirections are denied. In the case of nested redirection, SAP 3D Visual Enterprise Viewer allows up to 8 levels of redirection in one URL access. Any further redirection request is denied.

The URL Redirect Protection main switch and the white list can be set by the user. However, this setting can be overridden when a Group Policy is applied by the administrator.

When the administrator enables URL Redirect Protection, an entry is required in the white list before the setting can be applied. The entry does not have to be a valid URL. To stop all redirection, the administrator chooses Enable URL Redirect Protection and enters some text in the white list. That allows the administrator to apply the setting.
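The following Python sketch is an added example, not SAP code. It models the redirect rules and the placeholder white list entry described above so that an administrator can check which redirect chains a given white list would permit. The function names, the sample hosts, and the matching semantics (exact host match against the original source URL, white list entries matched by host) are assumptions.

```python
from urllib.parse import urljoin, urlsplit

MAX_REDIRECTS = 8  # per the page: up to 8 levels of redirection per URL access


def host_of(value):
    """Lower-cased host of a URL or bare host name, or None if it has none."""
    value = value.strip()
    try:
        host = urlsplit(value if "://" in value else "//" + value).hostname
    except ValueError:
        return None
    return host.lower() if host else None


def evaluate_chain(source_url, redirect_targets, allow_list):
    """Return (allowed, reason) for a source URL and its successive redirects.

    Assumptions (not stated on the page): "same domain" is an exact host match
    against the original source URL, and a white list entry matches by host.
    """
    source_host = host_of(source_url)
    allowed_hosts = {host_of(entry) for entry in allow_list} - {None}
    current = source_url
    for level, target in enumerate(redirect_targets, start=1):
        if level > MAX_REDIRECTS:
            return False, f"redirect {level} exceeds the {MAX_REDIRECTS}-level limit"
        current = urljoin(current, target)  # resolve relative Location values
        target_host = host_of(current)
        if target_host != source_host and target_host not in allowed_hosts:
            return False, f"redirect {level} to {target_host} is not allowed"
    return True, "all redirects allowed"


if __name__ == "__main__":
    # Constructed sample chains; the hosts are placeholders.
    src = "https://viewer.example/models/pump.vds"
    # Same-domain redirect passes even with a placeholder-only white list.
    print(evaluate_chain(src, ["/mirror/pump.vds"], ["block-all"]))
    # Cross-domain redirect passes only when the white list names the host.
    print(evaluate_chain(src, ["https://cdn.example/pump.vds"], ["https://cdn.example/"]))
    print(evaluate_chain(src, ["https://untrusted.example/x"], ["block-all"]))
    # A ninth redirect is refused regardless of its target.
    print(evaluate_chain(src, ["/hop"] * 9, ["block-all"]))
```
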

The URL Redirect Protection settings are located under either the menu Edit > Preferences > Security Configuration, or the context menu Preferences > Settings > Security Configuration. The URL Redirect Protection main switch dictates whether SAP 3D Visual Enterprise Viewer will apply this protection. The white list is a flat editable list containing URLs that can be redirected when the protection is enabled.

The URL Redirect Protection also supports the Group Policy option. Using this, the network administrator can set a maximum security level and prevent users from changing it. The Group Policy script file (.adm) is located at: SAP 3D Visual Enterprise Viewer install folder\DomainGroupPolicies\Inactive\URLRedirectProtection.adm

Prerequisites

You have:

  • A Windows Server setup with a domain

  • Full administrative rights to that server

  • SAP 3D Visual Enterprise Viewer already installed

Procedure

Installing the SAP 3D Visual Enterprise Viewer Group Policy URLRedirectProtection.adm

  1. Log on to the domain server with full administrative rights.

  2. Copy the file URLRedirectProtection.adm from the installation folder of SAP 3D Visual Enterprise Viewer, and paste it into a location on the domain server for installation.

  3. From the Windows Start Menu, choose Administrative Tools > Group Policy Management.

  4. In the Group Policy Management tree, right-click Group Policy Objects and choose New. Give the group policy a name; for example, SAP Group Policy. The newly added group policy displays under the group policy objects.

  5. Select the newly created policy object, right-click and choose Edit to display the Group Policy Object Editor window.

  6. From the User Configuration folder, right-click Administrative Templates, select Add/Remove Templates, and choose Add.

  7. Browse for the file URLRedirectProtection.adm that you have transferred across to the domain server, and open it.

  8. Choose Close to apply the changes. A folder SAP 3D Visual Enterprise displays in the administrative templates. In that folder, double-click the URL Redirect item to display the URL Redirect Protection properties.

  9. Close the Group Policy Object Editor window to return to the Group Policy Management window. Right-click the domain to which you want to apply the group policy, and choose Link an Existing GPO. The group policy object is displayed in the Select GPO, under Group Policy Objects.

  10. Log on and run SAP 3D Visual Enterprise Viewer. Check whether the changes in group policy display in the SAP 3D Visual Enterprise Viewer settings.