Security and configuration validation to check if HTTP port is active

Security and configuration validation can be used to check whether the HTTP port is activated on any ABAP stack. Depending on your security concept, an active HTTP port might be forbidden. Checking this across all systems is a cumbersome job; the security and configuration check function of SAP Focused Run can help.

Setting up security and configuration validation rule to check if HTTP port is active

Go to the security and configuration validation policy tile:

Create a new policy with the following syntax:

<?xml version="1.0" encoding="utf-8"?>
<targetsystem xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" desc="Checks whether only HTTPS is active in SMICM" id="SMICM_HTTPSONLY" multisql="Yes" version="0000" xsi:schemaLocation="csa_policy.xsd">
  <configstore name="ABAP_INSTANCE_PAHI">
    <checkitem desc="item description" id="1.0.0.0">
      <compliant>NAME like 'icm/server_port_%' and NOT (VALUE like '%HTTP,%' ) </compliant>
      <complianttext/>
      <noncompliant>NAME like 'icm/server_port_%' and VALUE like '%HTTP,%' </noncompliant>
      <noncomplianttext/>
    </checkitem>
  </configstore>
</targetsystem>

Basically, the rule says: for the icm/server_port_ parameters, a value in which no HTTP is found is OK, and any value in which HTTP is found is not OK.
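
To see how the two clauses classify individual parameter values, the following added example (not part of the original post or of SAP Focused Run) evaluates them over constructed sample rows with Python's sqlite3 module. It assumes SQLite's LIKE behaves like the Focused Run evaluation for these patterns; the helper names classify and system_rating are hypothetical.

```python
import sqlite3

# WHERE clauses copied from the policy's <compliant> and <noncompliant> elements.
COMPLIANT = "NAME like 'icm/server_port_%' and NOT (VALUE like '%HTTP,%')"
NONCOMPLIANT = "NAME like 'icm/server_port_%' and VALUE like '%HTTP,%'"

# Constructed sample rows (not taken from a real system).
SAMPLE_ROWS = [
    ("icm/server_port_0", "PROT=HTTP,PORT=8000,TIMEOUT=60"),
    ("icm/server_port_1", "PROT=HTTPS,PORT=44300,TIMEOUT=60"),
    ("icm/server_port_2", "PROT=SMTP,PORT=25000"),
    ("icm/server_port_3", "PROT=HTTP,PORT=0"),
    ("icm/server_port_4", "PORT=8001,PROT=HTTP"),  # no comma after HTTP
    ("icm/host_name_full", "host.example.com"),    # outside the rule's scope
]


def classify(rows):
    """Return {NAME: 'compliant' | 'noncompliant' | 'not evaluated'}."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE store (NAME TEXT, VALUE TEXT)")
    db.executemany("INSERT INTO store VALUES (?, ?)", rows)
    # Rows that match neither clause (NAME out of scope) stay 'not evaluated'.
    result = {name: "not evaluated" for name, _ in rows}
    # SQLite's LIKE ignores ASCII case; the samples use the same case as the
    # patterns, so that difference does not affect the outcome here.
    for verdict, clause in (("compliant", COMPLIANT),
                            ("noncompliant", NONCOMPLIANT)):
        for (name,) in db.execute(f"SELECT NAME FROM store WHERE {clause}"):
            result[name] = verdict
    db.close()
    return result


def system_rating(rows):
    """Red if any row is noncompliant, otherwise green, as the post describes."""
    return "red" if "noncompliant" in classify(rows).values() else "green"


if __name__ == "__main__":
    for name, verdict in classify(SAMPLE_ROWS).items():
        print(f"{name:22} {verdict}")
    print("system:", system_rating(SAMPLE_ROWS))
```

The match is purely on the text HTTP followed by a comma: the PROT=HTTP entry is flagged whatever its PORT value, while the constructed entry in which HTTP is the last option is not.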

Running the check

Running the check shows in red all systems where HTTP is active, and in green all systems where only HTTPS is active or nothing is active.

Author: Frank Umans

Working in SAP since 1998. Started as ABAP developer and later moved to SAP basis and authorizations. Since 2020 working with SAP Focused Run.
