Sunday, June 16, 2013

Restrict access to non-SSL links for BO web applications deployed on Apache Tomcat

  • Apache Tomcat 5.5.x
  • SAP BusinessObjects Enterprise Xi 3.1 (applicable to all SP/FP)
  • Supported Windows Server
After the SSL is successfully configured, users will be able to access the SSL as well as the non-SSL links for BO web applications; which might be a security vulnerability.
  1. Take a backup of the “server.xml”file located at <INSTALL_DIR>\Program Files\Business Objects\Tomcat55\conf\
  2. Edit the server.xml and search for the line : “Connector URIEncoding=”UTF-8″
  3. Comment this line, as : <!– <Connector URIEncoding=”UTF-8″ acceptCount=”100″ connectionTimeout=”20000″ disableUploadTimeout=”true” enableLookups=”false” maxHttpHeaderSize=”8192″ maxSpareThreads=”75″ maxThreads=”150″ minSpareThreads=”25″ port=”8080″ redirectPort=”8443″/> –>
  4. Save and close the file.
  5. Stop the SIA from CCM ; SIA -> Properties -> Protocol :: Ensure that “Enable SSL” is unchecked. Start SIA
  6. Restart Tomcat from CCM
Now you can logon to the CMC and Infoview only through SSL. Try to access the non- SSL link and you'll get a “Page cannot be displayed” error.

Hope you find this useful.
Umang Patel.
SAP BO BI Solution Architect/Consultant

1 comment: