Parameter | Description | Default Value | |
---|---|---|---|
icm/accept_remote_trace_level | Specifies whether an external client may change the trace level of the SAP system. |
0 (Trace cannot be changed) |
|
icm/authfile | Specifies the file name and path of the authorization file that contains the hash values of passwords for ICM/SAP Web Dispatcher administration users. |
$(DIR_GLOBAL)$(DIR_SEP)security$(DIR_SEP)data$(DIR_SEP)icmauth.txt |
|
icm/ccms_monitoring | Activates CCMS monitoring of the SAP Web Dispatcher/ICM. |
TRUE |
|
icm/ccms_refresh_rate | Specifies the frequency in which status information in the ICM/SAP Web Dispatcher is updated for CCMS monitoring. |
30 |
|
icm/conn_timeout | Specifies x the maximum duration (in milliseconds) of a connection to an external partner. If the specified time period is exceeded, the connection is terminated and an error message is sent to the caller. |
5000 |
|
icm/host_name_full | Specifies the fully qualified host name of the host on which the SAP Web Dispatcher/ICM is running, and which is available for requests. If this parameter is not set explicitly, the system queries the operating system for the host name. Example saphost5.sap-ag.de instead of saphost5
|
- |
|
icm/<PROT>/max_request_size_KB | Protects the application server from a Denial of Service (DOS) attack with large requests. If the parameter value is not equal to -1, the SAP Web Dispatcher/ICM already checks whether the length of the request exceeds the specified value of the parameter. If it does, the request is not passed to the application server, and an error message is sent to the caller. The profile parameter is valid for HTTP and HTTPS. Value -1 deactivates the check. |
102400 KB |
|
icm/HTTP/admin_<xx> | Configures the Web-based administration interface. |
icm(HTTP/admin_0 = PREFIX=/sap/admin, DOCROOT=$(DIR_ICMAN_ROOT)/admin, AUTHFILE=$(icm/authfile) |
|
icm/HTTP/auth_<xx> | Filters HTTP/HTTPS requests to SAP Web Dispatcher/ICM, before the request is sent to another HTTP handler (file access, cache, administration, redirect), or to the backend system (AS ABAP or J2EE Engine). HTTP/HTTPS requests can be blocked using different criteria. |
icm/HTTP/auth_0= PREFIX=/, FILTER=SAP |
|
icm/HTTP/error_templ_path | Specifies the directory in which the SAP Web Dispatcher/ICM can find its error pages. |
$(DIR_ICMAN_ROOT)/error_templ |
|
icm/HTTP/file_access_<xx> | Specifies for which URL prefix static file access should be set, and in which directory the static files are stored. |
0 (off) |
|
icm/HTTP/logging_<xx> | Controls HTTP logging. |
- |
|
icm/HTTP/logging_Client_<xx> | Controls the logging of outgoing HTTP requests, that is, if the application server acts as a client. |
- |
|
icm/HTTP/mod_<xx> | Configures HTTP request modifications. |
icm/HTTP/mod_0 =PREFIX=/ (no action file) |
|
icm/HTTP/redirect_<xx> | Defines an HTTP redirect. If the client attempts to access the URL in question, the server sends a redirect. This forces the client to access the new destination instead. |
- |
|
icm/HTTP/server_cache_<xx> | Specifies the URI prefix and the target directory for the SAP Web Dispatcher/ICM internal HTTP server cache. |
UNIX:PREFIX=/, CACHEDIR=$(DIR_DATA)/cache Windows:PREFIX=/, CACHEDIR=$(DIR_DATA)\\cache |
|
icm/HTTP/server_cache_<xx>/clear | Deletes the SAP Web Dispatcher/ICM cache content each time the server is restarted. |
TRUE |
|
icm/HTTP/server_cache_<xx>/expiration | Specifies the default expiration time (in seconds) for SAP Web Dispatcher/ICM cache entries. |
86400 seconds |
|
icm/HTTP/server_cache_<x>/max_entries | Speciifes the maximum number of entries in SAP Web Dispatcher/ICM HTTP server cache. |
10000 |
|
icm/HTTP/server_cache_<xx>/max_name_len | Specifies the maximum length (number of characters) of HTTP URIs of objects that are to be saved in the SAP Web Dispatcher/ICM cache. |
256 |
|
icm/HTTP/server_cache_<xx>/max_net_frag_size | Limits the maximum size of the data buffers fragmented on the network for all the documents coming from the cache. |
0 |
|
icm/HTTP/server_cache_<xx>/max_ufo_entries | Specifies the maximum number of entries in the UFO List (UnFound objects) in the SAP Web Dispatcher/ICM server cache. |
10000 |
|
icm/HTTP/server_cache_<xx>/memory_size_MB | Specifies which part of the cache should be stored in main memory and which on the hard disk. |
50 |
|
icm/HTTP/server_cache_<xx>/size_MB | Size of the SAP Web Dispatcher/ICM server cache in megabytes. |
400 |
|
icm/HTTP/server_cache_<xx>/ufo_codelist | Handles additional HTTP error codes as UFOs. |
404 |
|
icm/HTTP/server_cache_<xx>/expiration | Specifies the expiration time (in seconds) for the entries in the UFO list in the SAP Web Dispatcher/ICM cache. |
60 |
|
icm/HTTPS/client_cipher_suite_header_name |
Specifies the header field that contains the cipher suite used. |
SSL_CIPHER_SUITE |
|
icm/HTTPS/client_certificate_chain_header_prefix |
Specifies the prefix of the CA certificate chains. The chain is structured from 1 to n, where n+1 is the last CA root certificate in the chain that is not sent to the server. |
SSL_CLIENT_CERT_CHAIN_ |
|
icm/HTTPS/client_certificate_header_name |
Specifies header field names used for forwarding SSL certificates. The SAP Web Dispatcher sets the fields, and the ICM on the application server uses them. |
SSL_CLIENT_CERT |
|
icm/HTTPS/client_key_size_header_name |
Specifies header field names used for forwarding SSL certificates. The SAP Web Dispatcher sets the fields, and the ICM on the application server uses them. |
SSL_CIPHER_USEKEYSIZE |
|
icm/HTTPS/trust_client_with_issuer |
Specifies the intermediary that SSL client certificates forwarded in the HTTP header are accepted from. The profile parameter contains the issuer of the SSL certificate of the intermediary. |
- |
|
icm/HTTPS/trust_client_with_subject |
The trusted relationship between the SAP Web Dispatcher and the ICM is based on a client certificate, which the SAP Web Dispatcher uses for the SSL connection. This Web Dispatcher certificate uses the ICM to decide whether the SAP Web Dispatcher is trustworthy or not. |
- |
|
icm/HTTPS/verify_client | Specifies whether a client must produce a certificate. |
1 |
|
icm/HTTPS/verify_client | Time span in seconds in which the SAP Web Dispatcher/ICM attempts to keep a connection open if new data were to arrive from the partner through the network. |
60 |
|
icm/listen_queue_len | Specifies the maximum number of requests kept in the queue while a connection is open. |
512 |
|
icm/local_addr | Binds outbound connections of the SAP Web Dispatcher/ICM to a specific network interface. |
- |
|
icm/log_level | Specifies whether system log messages are written to the trace file. |
0 | |
icm/max_conn | Specifies the maximum number of open connections in the SAP Web Dispatcher. |
500 | |
icm/max_threads | Specifies the maximum number of threads in the SAP Web Dispatcher/ICM. |
250 | |
icm/max_services | Specifies the maximum number of SAP Web Dispatcher/ICM services that can be created. |
30 | |
icm/max_sockets | Specifies the maximum number of open connections in the SAP Web Dispatcher/ICM. |
2048 | |
icm/min_spare_threads | Number of worker threads that the SAP Web Dispatcher/ICM tries to keep free. |
3 | |
icm/min_threads | Specifies the maximum number of threads in the SAP Web Dispatcher/ICM. |
10 | |
icm/<PROT>/max_request_size_KB | Protects the application server from a Denial of Service (DOS) attack with large requests. |
102400 | |
icm/req_queue_len | Specifies the maximum number of waiting requests. |
1000 | |
icm/security_log | Controls the output of the security protocol. |
LOGFILE=dev_icm_sec,MAXSIZEKB=500 | |
icm/server_port_<xx> | Specifies the SAP Web Dispatcher/ICM port/service (PORT) to use for a protocol (PROT). |
- |
|
icm/ssl_config_<xx> | Controls the general SSL configuration. |
- |
|
icm/trace_secured_data | Specifies whether SSL encrypted data written to the SAP Web Dispatcher/ICM trace file. |
FALSE | |
icm/traffic_control | Specifies the timeout within a request. |
- |
|
is/HTTP/show_server_header | Specifies whether the server header field is included in HTTP responses from the server to the client. For security reasons SAP recommends that this information is not forwarded to the client. |
FALSE | |
is/server_name | Specifies the official name of the application server. |
SAP NetWeaver Application Server | |
is/server_version | Contains the kernel version number. |
Corresponds to the kernel version used | |
is/HTTP/show_detailed_errors | Specifies the standard form of HTTP error messages that the SAP Web Dispatcher/ICM creates and sends to the client. |
FALSE | |
is/HTTP/show_server_header | Specifies whether server header fields of the server should be added to the client or not. |
FALSE | |
mpi/buffer_size |
Specifies the size of the memory pipes blocks. |
65536 | |
mpi/max_pipes |
Specifies the maximum number of memory pipes. |
4000 | |
mpi/total_size_MB |
Specifies the total size (in megabytes) of the shared memory areas used for MPI. |
80 | |
wdisp/add_client_protocol_header |
Specifies whether the protocol (HTTP or HTTPS) between the browser and the SAP Web Dispatcher is notified to the application server. This information is sent in the header field clientprotocol. If there is a change in protocol in the SAP Web Dispatcher, the application server requires this information, to generate absolute URLs (it can get the SAP Web Dispatcher host and port names from the header field Host). |
TRUE |
|
wdisp/add_xforwardedfor_header |
Specifies whether the SAP Web Dispatcher includes the IP address of the client in the header field x-forwarded-for. If it does, the application on the application server can read the route that the request has taken. If the profile parameter has the value false, the SAP Web Dispatcher leaves the header field unchanged. |
FALSE |
|
wdisp/auto_refresh |
Specifies the time period after which the route information tables of the SAP Web Dispatcher (server tables, group tables and URL mapping tables) are periodically updated. The profile parameter also defines the frequency of ping of requests to the application servers. |
25 |
|
wdisp/enable_j2ee_groups |
Allow logon groups for AS Java. |
FALSE |
|
wdisp/enable_sap_hostid |
Used to control load balancing explicitly. If the value of this profile parameter is true, a server destination can be specified explicitly in the request URI using the form field sap-hostid. This is needed, for example, for debugging server nodes or for test purposes. webdisp.wdf.sap.corp:4711/sap/public/icman/ping?sap-hostid=binmain_BIN_53 Caution Since with this form field server load balancing can be bypassed (denial of service attacks), the default is this behavior is deactivated.
|
FALSE |
|
wdisp/group_info_location | Specifies from where the SAP Web Dispatcher obtains information about the server groups, to which it can distribute the inbound requests. The details are indicated in a URL (absolute or relative). Usually the SAP Web Dispatcher gets its group information from an application server. In this case you can specify the ICF service, where the groups are defined. If there is no application server with ICF (ABAP) available, you can store this information in a file. In this case you can use this parameter to specify the file path by setting the parameter to file://<path>. Caution We recommend that you do not use static files.
|
/sap/public/ icf_info/ icr_groups |
|
wdisp/group_info_protocol | Specifies the protocol that the SAP Web Dispatcher is to use for reading logon group information from the application server. You can secure the conenction using HTTPS. |
HTTP |
|
wdisp/handle_webdisp_ap_header | Notifes the application server in an HTTP header of the ports (access points) for the different protocols of the SAP Web Dispatcher. In the application server the protocol can be switched without any manual configuration (for example, from HTTP to HTTPS), or a redirect can be programmed. The header field set by the Web Dispatcher has the syntax: x-sap-webdisp-ap: http=<port>, https=<port>, <protocolXYZ>=<port> For example: x-sap-webdisp-ap: http=80,https=443 x-sap-webdisp-ap: http=80 The following values are possible: 0: No action (old behavior) 1: Header field with it own access information (if this field exists, it is set) 2: Set header field if not already set. 3: Delete header field if it exists. |
0 |
|
wdisp/HTTP/context_timeout | Specifies the maximum lifespan of a session. Session ID entries that have not been accessed for a long time can be removed from the table. The profile parameter affects both ABAP and Java sessions. |
3600 |
|
wdisp/HTTP/jsessionid_tab_support | Configues the session dispatching. |
TRUE |
|
wdisp/HTTP/max_pooled_con | Specifies the maximum number of HTTP connections in the connection pool from the SAP Web Dispatcher to an application server. You do not normally need to change the default setting. |
($(icm/max_conn)) |
|
wdisp/HTTP/max_session_tab_entries | Specifies the maximum number of entries in the session ID table. If this limit is exceeded, requests that are not contained in the table are forwarded to a default server (for each logon group). This means there is no longer any load balancing. |
50000 |
|
wdisp/HTTP/max_session_tab_logon_groups | Specifies the maximum number of logon groups that the SAP Web Dispatcher/ICM supports. Here only the logon groups for which the SAP Web Dispatcher actually gets requests are considered, rather than all the logon groups configured in the system. |
32 |
|
wdisp/HTTP/min_pooled_con | Specifies the minimum number of HTTP connections that are kept in the SAP Web Dispatcher's connection pool for each application server. This number of connections is kept before the first HTTP request is received. |
2 |
|
wdisp/HTTP/use_pool_for_new_conn | Activates the connection pooling for new browser connections too If the profile parameter has the default value FALSE, the connection pooling is used only for keep-alive connections to the browser. |
FALSE |
|
wdisp/HTTPS/context_timeout |
SSL Parameters for the Web Dispatcher. |
- |
|
wdisp/HTTPS/ dest_logon_group | Specifies the logon group for load balancing requests in the SAP Web Dispatcher with HTTPS. If a logon group is defined, the requests are passed to the servers in this group only. If no group is defined, the requests can be passed to all of the servers in the system. |
- |
|
wdisp/HTTPS/max_client_ip_entries | Specifies the maximum number of entries in the mapping table between the client IP address and the application server. The memory for the mapping table is allocated in the host's shared memory. |
50000 |
|
wdisp/HTTPS/max_pooled_con | Specifies the maximum number of HTTPS connections in the connection pool from the SAP Web Dispatcher to an SAP Web application server. |
2000 |
|
wdisp/HTTPS/min_pooled_con | Specifies the minimum number of HTTPS connections that are kept in the SAP Web Dispatcher's connection pool for each application server. This number of connections is kept before the first HTTPS request is received. Since a thread is blocked in the ICM for each HTTPS connection in the pool on the Web AS side, you should not change the default value of 0. |
0 |
|
wdisp/HTTPS/sticky_mask | Describes a bit mask for client IP addresses. The IP address of a client that connects with the SAP Web Dispatcher is linked with this bit mask (AND) and the result is used for load balancing of clients. This allows you to combine groups of client IP addresses. This functionality is required because large internet providers use several proxies (with different IP addresses) but the clients must be handled in the same way (applications with a status on the server). This parameter is only required for HTTPS connections. |
255.255.240.0 This means that the last 12 bits of the client IP address are no longer significant (are not distinguished). |
|
wdisp/info_timeout | Specifies the timeout for retrieving configuration data in the application servers. If the SAP Web Dispatcher receives no response within this time, it asks the next server. The profile parameter also defines the timeout for the ping of requests to the application servers (see below). |
180 |
|
wdisp/J2EE/group_info_location | Specifies the URL under which the SAP Web Dispatcher receives the information about the logon groups in AS Java. |
/J2EE/icr_ groups |
|
wdisp/J2EE/url_map_location | Specifies the URL under which the SAP Web Dispatcher finds the URL mapping info for AS Java. |
/J2EE/icr_ urlprefix |
|
wdisp/load_balancing_strategy | Specifies the load balancing strategy of SAP Web Dispatcher. Possible Values: weighted_round_robin simple_weighted_round_robin adaptive |
weighted_round_robin |
|
wdisp/max_permission_table_entry_size | Specifies the maximum length of a table entry (a row) in the URI permission table of the SAP Web Dispatcher. |
256 |
|
wdisp/max_permission_table_size | Specifies the maximum length of a table entry (a row) in the URI permission table of the SAP Web Dispatcher. | 300 |
|
wdisp/max_permitted_uri_len | Configures the SAP Web Dispatcher as a URL filter. |
2048 |
|
wdisp/max_server_group_name_len | Specifies the maximum length of an entry in the SAP Web Dispatcher's group table. |
20 |
|
wdisp/max_server_groups | Specifies the maximum number of entries in the SAP Web Dispatcher's group table. |
128 |
|
wdisp/max_server_name_len | Specifies the maximum length of an entry in the SAP Web Dispatcher's server table, that is, the maximum length of an instance name (profile parameter rdisp/myname of the individual servers). |
64 |
|
wdisp/max_servers | Specifies the maximum number of entries in the SAP Web Dispatcher's server table. |
100 |
|
wdisp/max_url_map_entries | Specifies the maximum number of entries in the URL mapping table of the SAP Web Dispatcher. |
300 |
|
wdisp/max_url_map_ path_len | Specifies the maximum path length of the URL mapping table of the SAP Web Dispatcher. |
256 |
|
wdisp/permission_table | Specifies the absolute or relative path for URI permission table. |
- |
|
wdisp/permitted_uri_char_range | Limits the characters allowed in the URL. A range of ASCII characters is specified, for example 32-127. |
- |
|
wdisp/ping_abap_url | Specifies the URL that the SAP Web Dispatcher uses for ping requests (ABAP servers, Java servers, and external systems). The ping requests that can be configured with these profile parameters are used for the health check of the instances. The specified request is sent periodically to each application server instance. If the specified request for an instance does not respond positively within a defined time (HTTP status code 200 (OK)), this instance is removed from the SAP Web Dispatcher load balancing. You can configure the frequency with which a request is sent to each instance in parameter wdisp/auto_refresh. The time allowed for receiving the response can be configured in parameter wdisp/info_timeout. |
/sap/public/icman/ping |
|
wdisp/ping_extsrv_url | Specifies the URL that the SAP Web Dispatcher uses for requests. The ping requests that can be configured with these profile parameters are used for the health check of the instances. |
- |
|
wdisp/ping_java_url | Specifies the URL that the SAP Web Dispatcher uses for requests to the Java server. The ping requests that can be configured with these profile parameters are used for the health check of the instances. | - |
|
wdisp/ping_protocol | Specifies the protocol that the SAP Web Dispatcher uses processing ping requests to the application servers. You can secure the conenction using HTTPS. |
HTTP |
|
wdisp/redispatch_foreign_sessions | If the value of this parameter is true, the Web Dispatcher tries to find an alternative server using stateless load balancing for failed stateful requests (incorrect session cookie or the target server cannot be accessed). This has the following advantages:
Example
The SAP Web Dispatcher receives a request for a logon group WEB, yet no server from the WEB group can be accessed The Web Dispatcher then tries to find an alternative server among all the accessible servers and forwards the request to it. You can override this behavior by setting the parameter to FALSE. In this case the Web Dspatcher returns an error. |
TRUE |
|
wdisp/server_info_location | Specifies from where the SAP Web Dispatcher obtains information about the application servers, to which it can distribute the Web requests. The SAP Web Dispatcher gets its information from the message server. The parameter indicates the (relative) URL where in the message server this information is. Caution We recommend that you do not use static files.
|
/msgserver/text/ logon?version=1.2 |
|
wdisp/server_info_protocol | Specifies the protocol that the SAP Web Dispatcher should use for communicating with the message server and the application servers for exchanging metadata (server list, logon groups, URL mapping) or for performing the ping request on the application server. You can secure the conenction using HTTPS. |
HTTP |
|
wdisp/shm_attach_mode | Specifies what should happen to the shared memories of the SAP Web Dispatcher. The possible values and their meaning are the values of the start option -shm_attach_mode of the SAP Web Dispatcher. If the command line option is set explicitly to a different value when the Web Dispatcher is started, this value is definitive and the parameter value is overwritten. |
6 |
|
wdisp/ssl_auth | Specifies which X.509 client certificate of the SAP Web Dispatcher can be used with the application servers. The following values are possible:
|
1 |
|
wdisp/ssl_certhost | Specifies the host, in the name of which the server certificate is issued. Then you do not have to provide a certificate for each application server. If the profile parameter is not defined, for each application server a server certificate must be set up on the relevant host. This profile parameter is only relevant if you have configured a connection between the SAP Web Dispatcher and the back-end servers with SSL, that is, either a connection to the message server (wdisp/server_info_protocol = https), to the application servers (wdisp/group_info_protocol= https or wdisp/url_map_protocol= https or wdisp/ssl_encrypt). |
- |
|
wdisp/ssl_cred | Specifies the name of the PSE file used for authentication on the server. This option is only relevant with wdisp/ssl_auth = 2. |
- |
|
wdisp/ssl_encrypt | Specifies how the SAP Web Dispatcher handles inbound HTTP/S requests. The following values are possible: 0: Forward the request unencrypted. 1: Encrypt the request again with SSL, in case the request arrived via HTTPS protocol. 2: Always forward the request encrypted with SSL. |
0 |
|
wdisp/ssl_ignore_host_mismatch | If the connection between the Web Dispatcher and application server is re-encrypted (wdisp/ssl_encrypt = 1), the server must produce an SSL server certificate before the connection can be opened. If the host name in the certificate does not match the server name the Web Dispatcher is connected to (names are not case-sensitive), no SSL connection can be established. If this profile parameter is now set to TRUE, the SAP Web Dispatcher ignores the missing match between the server certificate and the server host name, and uses this newly opened SSL connection between the SAP Web Dispatcher and the server for the communication. |
FALSE |
|
wdisp/system_xx | Used to configure the Web Dispatcher for multiple back-end systems. |
- |
|
wdisp/url_map_location | Specifies the URL under which the SAP Web Dispatcher finds the URL mapping info. Path in the HTTP service tree of the application server (AS ABAP). If there is no application server with ICF (ABAP) available, you can store this information in a file. In this case you can use this parameter to specify the file path by setting the parameter to file://<path>. Caution We recommend that you do not use static files.
|
/sap/public/ icf_info/icr_ urlprefix |
|
wdisp/url_map_protocol | Specifies the protocol that the SAP Web Dispatcher is to use for reading URL mapping information from the AS ABAP application servers. You can secure the conenction using HTTPS. |
HTTP |