Over the years I've had to install and upgrade a number of SAP Web Dispatchers, the following is my go-to configuration for version 7.45 as per and starting with SAP Note 908097 SAP Web Dispatcher: Release, apply patches #/notes/908097/E
Note the following statements, "Version 7.45 is the recommended SAP Web Dispatcher version for all backend systems" and "SAP Web Dispatcher version 7.45 is installed and delivered in the Unicode variant, older versions were non-Unicode. The non-Unicode variant is installed in the ../nuc/.. directory instead of ../uc/". Hence best to switch to ../uc/ when upgrading from a release prior to 7.45.
The configuration below is for a S/4 HANA (HANA system_0) & ABAP (system_1), default ports, supporting end-to-end HTTPS, running on a virtual IP (alias). I've also included references to SAP notes around some of the features and security parameters that I tend to enable for an internal install. Logging, HTTPS, http_mod configured as required.
The following directories need to be created to support the config:
$(DIR_INSTANCE)/data/error_templ
$(DIR_INSTANCE)/log/httpaccess
$(DIR_INSTANCE)/data/cache/0
The following files need to be created to support the config:
$(DIR_PROFILE)/$(SAPSYSTEMNAME)_$(INSTANCE_NAME)_http_mod
$(DIR_PROFILE)/$(SAPSYSTEMNAME)_$(INSTANCE_NAME)_permission_table
Parameters
# DEFAULT.PFL
SAPSYSTEMNAME = <SAPSID>
OS_UNICODE = uc
SAPGLOBALHOST = <hostname>
system/type =
#-----------------------------------------------------------------------
# Security
#-----------------------------------------------------------------------
# 2287039 - ICMAN - Redirect page shows server information
is/server_name = SAP
is/server_version = 1.0
# 2260323 - Internet Communication Manager (ICM) 7.20 security settings
is/HTTP/show_server_header = FALSE
is/HTTP/show_detailed_errors = FALSE
icm/HTTP/error_templ_path = $(DIR_INSTANCE)/data/error_templ
# INSTANCE_PROFILE.PFL
SAPSYSTEMNAME = <SAPSID>
SAPSYSTEM = <NR>
INSTANCE_NAME = W<NR>
DIR_CT_RUN = $(DIR_EXE_ROOT)$(DIR_SEP)$(OS_UNICODE)$(DIR_SEP)linuxx86_64
DIR_EXECUTABLE = $(DIR_CT_RUN)
SAPLOCALHOST = <HOSTNAME>
SAPFQDN = <FQDN>
SAPLOCALHOSTFULL = $(SAPLOCALHOST).$(SAPFQDN)
DIR_PROFILE = $(DIR_INSTALL)/profile
_PF = $(DIR_PROFILE)/$(SAPSYSTEMNAME)_$(INSTANCE_NAME)_$(SAPLOCALHOST)
SETENV_00 = DIR_LIBRARY=$(DIR_LIBRARY)
SETENV_01 = LD_LIBRARY_PATH=$(DIR_LIBRARY):%(LD_LIBRARY_PATH)
SETENV_02 = SHLIB_PATH=$(DIR_LIBRARY):%(SHLIB_PATH)
SETENV_03 = LIBPATH=$(DIR_LIBRARY):%(LIBPATH)
SETENV_04 = PATH=$(DIR_EXECUTABLE):%(PATH)
#-----------------------------------------------------------------------
# Accessibility of Message Server
#-----------------------------------------------------------------------
# 2193190 - Web Dispatcher - wdisp/system_conflict_resolution - BEST_MATCH
wdisp/system_conflict_resolution = BEST_MATCH
# 1937653 - System specific SSL parameter for SAP Web Dispatcher
wdisp/system_0 = SID=HDB, EXTSRV=https://saphdb1.$(SAPFQDN):4300, SRCSRV=$(SAPLOCALHOST).$(SAPFQDN):443, SRCVHOST=<ALIAS0>.$(SAPFQDN):443, SRCURL=/sap/hba/;/sap/hana/;/sap/ui5/, SSL_ENCRYPT=2
wdisp/system_1 = SID=ERP, MSHOST=saperp1.$(SAPFQDN), MSSPORT=8100, SRCSRV=$(SAPLOCALHOST).$(SAPFQDN):443, SRCVHOST=<ALIAS1>.$(SAPFQDN):443, SCSHOST=saperpscs.$(SAPFQDN), NR=01, SSL_ENCRYPT=2, CONFIG_PROTOCOL=https
#-----------------------------------------------------------------------
# Configuration for default scenario
#-----------------------------------------------------------------------
# 2007212 - Tuning SAP Web Dispatcher and ICM for high load
icm/max_conn = 2000
#-----------------------------------------------------------------------
# SAP Web Dispatcher Ports
#-----------------------------------------------------------------------
# 421359 - ICM: Binding ports < 1024 on UNIX
icm/server_port_0 = PROT=HTTP, HOST=$(SAPLOCALHOST), PORT=80, TIMEOUT=360, PROCTIMEOUT=720, EXTBIND=1
icm/server_port_1 = PROT=HTTPS, HOST=$(SAPLOCALHOST), PORT=443, TIMEOUT=360, PROCTIMEOUT=720, EXTBIND=1, SSLCONFIG=ssl_config_0
# 2258786 - Potential information disclosure relating to SAP Web Administration Interface
icm/HTTP/admin_0 = PREFIX=/sap/admin/, DOCROOT=$(DIR_DATA)$(DIR_SEP)icmandir, HOST=$(SAPLOCALHOST).$(SAPFQDN), AUTHFILE=$(icm/authfile), PORT=443, ALLOWPUB=FALSE
icm/host_name_full = $(SAPGLOBALHOST).$(SAPFQDN)
#-----------------------------------------------------------------------
# Security
#-----------------------------------------------------------------------
# 2014996 - SSL Setup SAP Web Dispatcher
# 510007 - Setting up SSL on Application Server ABAP
icm/ssl_config_0 = VCLIENT=1, CRED=$(DIR_INSTANCE)/sec/SAPSSLS.pse
icm/HTTPS/verify_client = 1
icm/HTTPS/forward_ccert_as_header = TRUE
# 2160678 - SSO stops working when the "icm/HTTPS/trust_client_with*" parameters are configured
icm/HTTPS/trust_client_with_issuer = CN=<as required>
icm/HTTPS/trust_client_with_subject = CN=<as required>
# 2092630 - Turning off SSLv3 on SAP NetWeaver
ssl/ciphersuites = <as required>
ssl/client_ciphersuites = <as required>
wdisp/add_client_protocol_header = TRUE
wdisp/ssl_encrypt = 2
wdisp/ssl_auth = 2
wdisp/ssl_cred = $(DIR_INSTANCE)/sec/SAPSSLC.pse
wdisp/HTTP/use_pool_for_new_conn = 1
# 2180024 - HANA & ABAP: New Option to Enable/Disable FIPS 140-2 Certified Crypto Kernel
ccl/fips/enable = 1
#-----------------------------------------------------------------------
# Logging (System Specific)
#-----------------------------------------------------------------------
# 2155855 - Web Dispatcher - System specific logging, caching and file access
icm/HTTP/logging_0 = PREFIX=/, LOGFILE=$(DIR_INSTANCE)/log/httpaccess/dev_httpaccess.log.erp, LOGFORMAT=SAP, SWITCHTF=day, SYSTEM=ERP
icm/HTTP/logging_1 = PREFIX=/, LOGFILE=$(DIR_INSTANCE)/log/httpaccess/dev_httpaccess.log.hdb, LOGFORMAT=SAP, SWITCHTF=day, SYSTEM=HDB
icm/HTTP/logging_2 = PREFIX=/sap/admin/, LOGFILE=$(DIR_INSTANCE)/log/httpaccess/dev_httpaccess.log.adm, LOGFORMAT=SAP, SWITCHTF=day
#-----------------------------------------------------------------------
# URL Mod Handler
#-----------------------------------------------------------------------
icm/HTTP/mod_0 = PREFIX=/, FILE = $(DIR_PROFILE)/$(SAPSYSTEMNAME)_$(INSTANCE_NAME)_http_mod
#-----------------------------------------------------------------------
# Permission Table
#-----------------------------------------------------------------------
wdisp/permission_table = $(DIR_PROFILE)/$(SAPSYSTEMNAME)_$(INSTANCE_NAME)_permission_table
#-----------------------------------------------------------------------
# File Access (Global)
#-----------------------------------------------------------------------
icm/HTTP/file_access_0 = PREFIX=/robots.txt, DOCROOT=$(DIR_INSTANCE)/data/public/robots.txt
icm/HTTP/file_access_1 = PREFIX=/favicon.ico, DOCROOT=$(DIR_INSTANCE)/data/public/favicon.ico
#-----------------------------------------------------------------------
# Cache (Global)
#-----------------------------------------------------------------------
icm/HTTP/server_cache_0/http_cache_control = true
icm/HTTP/server_cache_0 = PREFIX=/, CACHEDIR = $(DIR_INSTANCE)/data/cache/0
icm/HTTP/server_cache_0/expiration = 86400
#-----------------------------------------------------------------------
# Start Web Dispatcher
#-----------------------------------------------------------------------
# 768727 - Automatic restart functions in sapstart for processes
Autostart = 1
SignalMask_00 = default, 9
logfile/rotate = true
_WD = wd.sap$(SAPSYSTEMNAME)_$(INSTANCE_NAME)
SETENV_05 = SECUDIR=$(DIR_INSTANCE)/sec
Execute_00 = local rm -f $(_WD)
Execute_01 = local ln -s -f $(DIR_EXECUTABLE)/sapwebdisp$(FT_EXE) $(_WD)
Restart_Program_00 = local $(_WD) pf=$(_PF)
# _permission_table
# Deny public information
D /sap/public/icf_info/*
D /sap/public/info
D /sap/public/icf_check
# Allowed
S /sap/*
# Deny all others
D *
Some other good features to be aware of:
1971571 - Web Dispatcher new features: Proxy connect and cookie filter #/notes/1971571/E
2220456 - How to configure SAP Web Dispatcher for Reverse Invoke #/notes/2220456/E
2192839 - Using Web Dispatcher protocol ROUTER for TCP load balancing #/notes/2192839/E
Hope it's of help
Craig