Show TOC

Defining Whitelist Using FileLocate this document in the navigation structure

Use

The whitelist is maintained in a single text file in the admin folder.

For Microsoft Windows Server 2003 this file is located in %ALLUSERSPROFILE%\Application Data\SAP\NWBC\Whitelist.ini.

For all other operating systems this file is located in %ALLUSERSPROFILE%\SAP\NWBC\Whitelist.ini.

The file format is very similar to standard Windows INI files. Each system is initiated by a header consisting of the SID (for SAP EP connections it is the connection name) embedded in square brackets, for example [ABC]. Be aware that the system ID is case-sensitive.

Following the header line, each whitelist pattern is stated in a separate line, for example, *://*.mydomain.com:*/*.

The file can contain comments that are initiated by a semicolon, for example:

; this is a comment line

It is possible to define global whitelist patterns that are applied for all systems. These are defined in the [*] section.

A whitelist pattern for standard http/ https/ ftp URLs consists of four parts: the protocol, the host, the port, and the path. It is possible to use wildcards to generalize the pattern:

  • The protocol must be specified either complete or using a * for any protocol. It is not possible to define only parts of the protocol, for example, this is not allowed: http*://

  • The host can be generalized by using a single * at the very beginning, for example, *.myhost.mydomain

  • The port is optional. In case you do not state the port, the default port for the protocol is used, that is 80 for http, 443 for https. A * stands for any port.

  • The path can be generalized by using a single * at the very end, for example, /allowed/path/*

It is also possible to specify other protocols like file: or mailto:. These are handled as having only two parts, the protocol and the path.

Example

An example Whitelist.ini file could look like this:

; global entries for all systems

[*]

*://*.mydomain.com:*/*

; system ABC

[ABC]

*://*.google.com/*

; a connection against an SAP portal using the connection name 'My Portal Connection'

[My Portal Connection]

; for simplicity a * can be used to allow all * (equivalent to *://*:*/*)

*