External access to SAP NetWeaver Administration console
Normally, you would need to organize a group access to SAP NetWeaver Administration console from remote machines. By default, it is locked in accordance with the policy implemented in ICM filter. If you try to access the page, you'll get an error message "403 Forbidden", "Remote access to the NetWeaver Administrator is forbidden, please see SAP note 1451753". This is actually a note you can start with, or, you can just follow a simplified number of steps as below:
1. Open DEFAULT file which is located in 'usr/sap/<SID>/SYS/profile/' path;
2. Add the following line at the end of all lines:
icm/HTTP/mod_0 = PREFIX=/,FILE=$(DIR_GLOBAL)/security/data/icm_filter_rules.txt
3. Click Save
4. Open icm_filter_rules.txt file which is located in the path 'usr/sap/<SID>/SYS/global/security/data/'
5. Comment all the lines available as shown in the following point:
#if %{REMOTE_ADDR} !stricmp 127.0.0.1 [AND]
#if %{REMOTE_ADDR} !stricmp ::1
#RegIRedirectUrl ^/webdynpro/resources/sap.com/tc~lm~itsam~ui~mainframe~wd/(.)*$ /nwa/remote_access_error [QSA]
6. Save file7. Restart the Java AS8. Now try http://host:port/nwa You should not get remote access error now.
Note: If you're a security maniac, instead of commenting out the lines on the 5th step, you can add your own IP to this expression in order to prevent anyone else's access to this area.