IpVerification Manager stores and manages a list of hostnames, represented as IP addresses. Its task is to verify if a given IP address is allowed to access the corresponding node. It runs on both dispatcher and server nodes.
Dispatcher

| Property | Description | Default Value |
|---|---|---|
| HostsFileName | Specifies the filename of the text file that contains a list of allowed and denied IP addresses. If a file with incorrect contents is given, IpVerification Manager stores an error event in the Log Manager. | managers/ipverify/hosts.txt |
| SAP_J2EE_Engine_Version | Specifies the version of SAP J2EE Engine. | |

Server

| Property | Description | Default Value |
|---|---|---|
| HostsFileName | Specifies the filename of the text file that contains a list of allowed and denied IP addresses. If a file with incorrect contents is given, IpVerification Manager stores an error event in the Log Manager. | managers/ipverify/hosts.txt |
| SAP_J2EE_Engine_Version | Specifies the version of SAP J2EE Engine. | |

On the dispatcher, the IpVerification Manager properties specified in the Visual Administration section can also be set from the file ../cluster/dispatcher/managers/settings/IpVerificationManager.properties.
On the server, the IpVerification Manager properties specified in the Visual Administration section can also be set from the file ../cluster/server/managers/settings/IpVerificationManager.properties.
The file specified in the HostsFileName property is created, or must exist, in the corresponding ../dispatcher or ../server directory. Its contents must be correct. Each line of this text file must have the following syntax:
Line ::= "#" {anything} | hostLine
hostLine ::= mode "=" hostIp ["/" mask] ["," port ["," protocol]]
mode ::= "allow" | "deny"
hostIp ::= hostRange "." hostRange "." hostRange "." hostRange
hostRange ::= number ["-" number] | "*"
number ::= positive_integer_number
mask ::= number "." number "." number "." number
port ::= number ["-" number] | "*"
protocol ::= "tcp" | "udp" | "*"
These components have the following semantics:
mode specifies whether the host (or range of hosts) on this line is allowed or denied.
hostIp represents one or more IP addresses.
hostRange is a single number or a range of numbers. A range of numbers is two numbers separated by "-".
number is a positive integer number (0 – 255).
mask is a subnet mask. A bitwise AND operation is calculated between the given IP (range of IPs) and the mask.
port is a positive integer number. A range of ports can be specified using the "-" sign.
protocol defines the protocol used. Possible values are tcp, udp and * (both).
This is an example of the usage of the components specified above:
#
# this is a comment
#
allow = 192.168.*.10-20, *, tcp
deny = 131.132-140.*.0 / 255.255.254.0
allow = 192.168.1.123, 80, tcp
allow = 192.168.1.123, 443, tcp
An example of the usage of subnet masks follows:
192.168.34.15/255.255.255.0 – no IP address corresponds to this range
192.168.34.10-20/255.255.255.0 – no IP address corresponds to this range
192.168.34.2/255.255.255.2 – corresponds to 192.168.34.2, 192.168.34.4 – with an even last part, greater than zero
192.168.34-35.2/255.255.255.2 – corresponds to the IP range: 192.168.34.2, 192.168.34.4, ..., 192.168.34.254, 192.168.35.2, 192.168.35.4, ..., 192.168.35.254 – whose last part is an even integer number greater than zero
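
A linter for the hosts file syntax and the mask examples above, as an added example that is not part of the SAP documentation or the engine's code. The function names are hypothetical, and three things are assumptions: blank lines are skipped, ports are bounded at 65535, and a rule is flagged as "dead" when a part of its address has bits outside the mask part (the reading under which the first two mask examples match no address).

```python
import re

# hostLine per the page's grammar; spaces around "=", "/" and "," as in its sample.
LINE_RE = re.compile(r"(allow|deny)\s*=\s*([0-9*.\-]+)"   # mode "=" hostIp
                     r"(?:\s*/\s*([0-9.]+))?"             # ["/" mask]
                     r"(?:\s*,\s*([0-9*\-]+)"             # ["," port
                     r"(?:\s*,\s*(tcp|udp|\*))?)?")       #   ["," protocol]]

def parse_range(tok, top):
    """number | number "-" number | "*"  ->  (lo, hi) within 0..top."""
    if tok == "*":
        return (0, top)
    m = re.fullmatch(r"(\d+)(?:-(\d+))?", tok)
    lo, hi = (int(m[1]), int(m[2] or m[1])) if m else (1, 0)  # (1, 0) = malformed
    if not lo <= hi <= top:
        raise ValueError(f"bad range {tok!r} (allowed 0-{top})")
    return (lo, hi)

def parse_line(line):
    """None for a comment, a rule dict for a hostLine; ValueError otherwise."""
    line = line.strip()
    if not line or line.startswith("#"):   # assumption: blank lines are skipped
        return None
    m = LINE_RE.fullmatch(line)
    if not m:
        raise ValueError(f"not a valid hostLine: {line!r}")
    mode, host, mask, port, proto = m.groups()
    octets = [parse_range(t, 255) for t in host.split(".")]
    masks = [parse_range(t, 255)[0] for t in mask.split(".")] if mask else [255] * 4
    if len(octets) != 4 or len(masks) != 4:
        raise ValueError(f"expected four dotted parts: {line!r}")
    # Assumption: a part of the address can match only if some value in its range
    # has no bits outside the mask part, the reading under which the page's first
    # two mask examples match no address. A rule with no such value is "dead".
    dead = any(all(v & ~mk & 0xFF for v in range(lo, hi + 1))
               for (lo, hi), mk in zip(octets, masks))
    return {"mode": mode, "octets": octets, "mask": masks if mask else None,
            "port": parse_range(port, 65535) if port else None,  # assumed bound
            "protocol": proto, "dead": dead}

def lint(text):
    """Return (rules, errors); errors are (line_number, message) pairs."""
    rules, errors = [], []
    for n, line in enumerate(text.splitlines(), 1):
        try:
            if (rule := parse_line(line)) is not None:
                rules.append(rule)
        except ValueError as e:
            errors.append((n, str(e)))
    return rules, errors
```

Running lint() over a hosts file before it is deployed surfaces syntax errors by line number. A deny rule reported as dead is worth reviewing, since under the stated assumption it never matches any address.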