SSL Parameters

The following SAP Web dispatcher parameters are relevant for running the dispatcher with SSL.

For more information, see SAP Web Dispatcher and SSL.

The other profile parameters are described in Parameterization of the SAP Web Dispatcher.

 

Each parameter is listed with its description, unit and default value.

wdisp/HTTPS/dest_logon_group

Note: This parameter is only relevant when using End-to-End SSL.

This parameter determines the logon group for load balancing requests at the SAP Web dispatcher. If a logon group is defined, the requests are passed to the servers in this group only. If no group is defined, the requests can be passed to all of the servers in the system.

You maintain logon groups in transaction SMLG in the system.

Unit: Logon group name

wdisp/HTTPS/sticky_mask

Note: This parameter is only relevant when using End-to-End SSL.

This parameter describes a bit mask for client IP addresses. The result of the bitwise AND operation on the client’s IP address and the sticky mask is used for load balancing of clients.

In this way, groups of client IP addresses can be treated as one.

This functionality is required because large internet providers use several proxies (with different IP addresses), but the clients must be handled in the same way. This is imperative for applications for which the server keeps a status (stateful applications).

Unit: Character string

Default value: 255.255.240.0

The last 12 bits of the client IP address are no longer significant (are not distinguished).
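The masking described for wdisp/HTTPS/sticky_mask, as an added example that is not SAP code: it applies the bitwise AND to a few constructed IPv4 client addresses and groups them by the result. The function names and the sample addresses are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

DEFAULT_STICKY_MASK = "255.255.240.0"  # default value from the parameter table

def sticky_key(client_ip, mask=DEFAULT_STICKY_MASK):
    """Return client_ip AND mask, the value the page says is used for load balancing."""
    ip_bits = int(ipaddress.IPv4Address(client_ip))
    mask_bits = int(ipaddress.IPv4Address(mask))
    return str(ipaddress.IPv4Address(ip_bits & mask_bits))

def insignificant_bits(mask=DEFAULT_STICKY_MASK):
    """Count the zero bits of the mask, i.e. address bits that are not distinguished."""
    return 32 - bin(int(ipaddress.IPv4Address(mask))).count("1")

def group_clients(client_ips, mask=DEFAULT_STICKY_MASK):
    """Group client addresses that the mask makes indistinguishable."""
    groups = defaultdict(list)
    for ip in client_ips:
        groups[sticky_key(ip, mask)].append(ip)
    return dict(groups)

# Constructed sample: the first two addresses stand for two proxies of one provider.
SAMPLE_CLIENTS = ["10.20.16.5", "10.20.31.200", "10.20.32.1", "10.21.16.5"]

if __name__ == "__main__":
    print("insignificant bits:", insignificant_bits())
    for key, members in group_clients(SAMPLE_CLIENTS).items():
        print(key, "<-", ", ".join(members))
```

Every distinct key is one candidate entry in the mapping table, so a wider mask lowers the number of entries and a narrower one raises it.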

wdisp/HTTPS/max_client_ip_entries

Note: This parameter is only relevant when using End-to-End SSL.

This parameter specifies the maximum number of entries in the mapping table between the client IP address and the application server.

The memory for the mapping table is allocated in the host’s shared memory.

Example

The following table specifies examples of memory requirements with specific settings.

10000 entries: 1.8 MB

50000 entries: 8.9 MB

100000 entries: 17.8 MB

1048576 entries: 230 MB

16777216 entries: 3000 MB

Unit: Number of entries (integer value)

Default value: 50000

wdisp/HTTPS/context_timeout

This parameter specifies the timeout for entries in the client IP table in seconds (default 3600). An entry is deleted from the table if no request has arrived from this client IP address within the specified time span.

Caution

The value of this parameter must always be bigger than the session timeout of the application server. This value depends on whether it is an ABAP or a J2EE request.

     ABAP: Profile parameter rdisp/plugin_auto_logout, see parameter documentation.

     J2EE: See Specifying HTTP Session Timeout for Web applications and Additional Configuration Settings using the Visual Administrator.

Unit: Seconds

Default value: 3600

wdisp/HTTPS/max_pooled_con 

This parameter is the same as wdisp/HTTP/max_pooled_con, though for HTTPS connections.

Note

What is important here is the protocol used from the SAP Web dispatcher to the NW AS. See SAP Web Dispatcher and SSL.

Recommendation

You do not normally need to change the default setting.

Unit: Number of connections

Default value: 32768

wdisp/HTTPS/min_pooled_con

This parameter is the same as wdisp/HTTP/min_pooled_con, though for HTTPS connections.

Note

What is important here is the protocol used from the SAP Web dispatcher to the NW AS. See SAP Web Dispatcher and SSL.

Caution

Since a thread is blocked in the ICM for each HTTP connection in the pool on the NW AS, you should not change the default value of 0!

Unit: Number of connections

Default value: 0

wdisp/ssl_encrypt

This parameter determines how the SAP Web dispatcher handles inbound HTTP(S) requests. The following values are permitted:

0: Forward the request unencrypted.

1: Encrypt the request again with SSL if the request arrived via the HTTPS protocol.

2: Always forward the request encrypted with SSL.

The parameter corresponds to the SSLENC option of the ICM parameter icm/HTTP/j2ee_<xx>.

You can also configure the SAP Web dispatcher for End-to-End SSL by specifying the protocol ROUTER when you define the icm/server_port_<xx> parameter.

Unit: Whole number (0, 1 or 2)

Default value: 0

wdisp/ssl_auth

This parameter determines which X.509 client certificate of the SAP Web dispatcher can be used with which application servers.

The following values are permitted:

0: No certificate

1: Default certificate

2: Use the certificate specified in the wdisp/ssl_cred parameter.

Note

The parameter corresponds to the TYPE option of the ICM parameter icm/HTTP/j2ee_<xx>.

Unit: Whole number (0, 1 or 2)

Default value: 0

wdisp/ssl_cred

Name of the PSE file used for the server authentication. This option is only relevant if wdisp/ssl_auth = 2.

Note

The parameter corresponds to the CRED option of the ICM parameter icm/HTTP/j2ee_<xx>.

Unit: File name/path name (corresponds to the operating system convention)

wdisp/ssl_certhost

This parameter is only relevant if you have configured a connection with SSL: either the connection to the message server (wdisp/server_info_protocol = https) or to the application servers (wdisp/group_info_protocol = https or wdisp/url_map_protocol = https; compare Metadata Exchange Using SSL), or if you use SSL termination (wdisp/ssl_encrypt = 1 or 2). For more information, see SAP Web Dispatcher and SSL.

If wdisp/ssl_certhost is not defined, a server certificate must be set up for each application server on the relevant host.

In this parameter you can specify a host on which the server certificate is issued. Then you do not have to provide a certificate for each application server.

Example

Your server certificate is issued to the name "www.sap.com". You activate this certificate for all application servers in transaction STRUST. You also set the value of wdisp/ssl_certhost to www.sap.com.

If this parameter is not set, the host names on the message server (transaction SMLG) and the names the certificates are issued with must be the same.

Unit: Host name
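A profile check built from the rules stated in the table above, as an added example that is not SAP code. The function names, the "name = value" profile fragment and the session timeout of 1800 seconds are constructed for illustration; the default values are the ones listed on this page.

```python
SAMPLE_PROFILE = """\
# constructed sample, not taken from a real system
wdisp/ssl_encrypt = 1
wdisp/ssl_auth = 2
wdisp/HTTPS/context_timeout = 1800
wdisp/HTTPS/min_pooled_con = 5
"""

DEFAULTS = {  # default values from the table on this page
    "wdisp/ssl_encrypt": "0", "wdisp/ssl_auth": "0",
    "wdisp/HTTPS/context_timeout": "3600", "wdisp/HTTPS/min_pooled_con": "0",
}

def parse_profile(text):
    """Read 'name = value' lines; blank lines and '#' comments are skipped."""
    params = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            name, value = line.split("=", 1)
            params[name.strip()] = value.strip()
    return params

def check_ssl_params(params, backend_session_timeout):
    """Return findings; backend_session_timeout is the server's session timeout in seconds."""
    p = {**DEFAULTS, **params}
    findings = []
    for name in ("wdisp/ssl_encrypt", "wdisp/ssl_auth"):
        if p[name] not in ("0", "1", "2"):
            findings.append(f"{name} = {p[name]}: permitted values are 0, 1 and 2")
    if p["wdisp/ssl_encrypt"] == "0":
        findings.append("wdisp/ssl_encrypt = 0: requests are forwarded unencrypted")
    if p["wdisp/ssl_auth"] == "2" and not p.get("wdisp/ssl_cred"):
        findings.append("wdisp/ssl_auth = 2 requires a PSE file in wdisp/ssl_cred")
    timeout = p["wdisp/HTTPS/context_timeout"]
    if not timeout.isdigit() or int(timeout) <= backend_session_timeout:
        findings.append(f"wdisp/HTTPS/context_timeout = {timeout}: must be bigger "
                        f"than the server session timeout ({backend_session_timeout} s)")
    if p["wdisp/HTTPS/min_pooled_con"] != "0":
        findings.append("wdisp/HTTPS/min_pooled_con changed from 0: each pooled "
                        "connection blocks an ICM thread")
    return findings

if __name__ == "__main__":
    for finding in check_ssl_params(parse_profile(SAMPLE_PROFILE), 1800):
        print("FINDING:", finding)
```

For an ABAP back end, pass the value of rdisp/plugin_auto_logout as the session timeout.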

 

 

 

 
