Binding Only Specific IP Addresses

You can configure SAP Host agent only to accept network connections for specific IP addresses or host names.

You can achieve this in one of the following ways:

Using the profile value service/hostname

Specify the following value in the host_profile of the SAP Host Agent:
service/hostname = <host_name>

or

service/hostname = <IP_Address>
Example
```
service/hostname = 127.0.0.1
```
Restart the SAP Host Agent by executing the following command:
saphostexec -restart

SAP Host Agent should now bind only the specified IP address.

Example

On Linux, you can check this as follows:

/usr/sap/hostctrl/exe# netstat -tlnp | grep 1128

tcp 00 127.0.0.1:11280 0.0.0:* LISTEN 8368/sapstartsrv

/usr/sap/hostctrl/exe#

You can see that only 127.0.0.1 is bound

Using Network ACL (Access Control List)

Specify the following value in the host_profile of the SAP Host Agent:
service/http/acl_file = <Path_to_an_ACL_file> or service/https/acl_file = <Path_to_an_ACL_file> if you use HTTPS.
You can also set both values.
Restart the SAP Host Agent by executing the following command:
saphostexec -restart

The ACL file should be configured as specified in SAP Note 1495075 Information published on SAP site .

SAP Host Agent will still bind all available addresses, but as soon a client tries to connect, it is either refused or accepted according to the ACL file configuration.