Setting Up Access Control Lists (ACL) 
You can set up an ACL and use it to control access authorization for connections to the SAP GUI. They are based on the IP addresses of the clients.
Procedure
Create an ACL file using the syntax described below.
In the instance profile of the application server instance you set parameter rdisp/acl_file to the file path of the ACL file.
CautionIf the profile parameter is set, the file must exist and its syntax be correct. If the file does not exist, the application server closes.
If the parameter is not set, the application server accepts all connection requests.
End of the caution.
Syntax of the ACL file:
Lines in the ACL must have the following syntax:
Syntax
<permit | deny> <ip-address[/mask]> [tracelevel] [# comment]
Where,
permit = permits a connection, and deny = denies a connection.
<ip address>: The IP address must be an IPv4 or IPv6 address in the following form:
IPv4: 4 byte, decimal, '.' separated: e.g. 10.11.12.13
IPv6: 16 byte, hexadecimal, ':' separated. '::' is supported
<mask>: If a mask is specified, it must be a subnetwork prefix mask:
IPv4: 0-32
IPv6: 0-128
<trace level>: Trace level, with which ACL hits (matches of addresses based on the subnetwork mask) are written to the relevant trace file (default value 2).
<# comment>: Comment lines begin with a hash sign (#).
The file can contain blank lines.
As the last rule a general ban is inserted automatically.
To make it obvious, an explicit deny should be entered anyway as the last rule. The rules are checked sequentially from the “top down”. The first relevant rule determines the result (“first match”).
Example
|
More Information
You can set up ACL files similarly for the other ports on the application server. For more information, see the relevant documentation: