3594909 – Service Layer cannot be accessed by using the external IP address

De acordo com a nota 3594909 uma nova regra de validação para acesso a Service Layer foi implementada a partir da versão FP2502 HF1, criando uma validação para o endereço do servidor da Service Layer, onde o próprio IP externo ou endereço de DNS do servidor precisa ser informado.

Na pasta de instalação da SL editar o arquivo “httpd-b1s-lb.conf”e incluir os dados.

Abaixo exemplo do arquivo, onde informamos o IP e o DNS do servidor

3594909 – Service Layer cannot be accessed by using the external IP address

Component: SBO-SDK-SVL (SAP Business One > Software Development Kit > Service Layer), Version: 2,

Released On: 13.06.2025

Symptom

When accessing the Service Layer using the configured external IP address, you are unable to view the default Service Layer

page on port 50000, or log in to the databases. The following error is displayed:

403 Forbidden

You don’t have permission to access this resource.

Environment

SAP Business One 10.0, FP2502 HF1

SAP Business One 10.0, version for SAP HANA, FP2502 HF1

Reproducing the Issue

1. Configure an external IP address to access the Service Layer and set up port forwarding to port 50000 on the reverse

proxy or firewall.

2. In a web browser, navigate to: https://<YourExternalIP>:<YourPort>

3. Attempt to log in to the company using a testing tool, for example, Postman by sending a POST request

to: https://<YourExternalIP>:<YourPort>/b1s/v2/Login

Cause

As of SAP Business One 10.0 FP2502 HF1, the Service Layer validates the Host header in incoming requests. If the header

does not contain an allowed hostname or IP address explicitly defined in the configuration file, the request will be blocked.

Resolution

You are required to define the trusted external IP in the load balancer configuration:

1. Open the load balancer configuration file httpd-b1s-lb.conf in a text editor.

Default file location:

Windows: C:\Program Files\SAP\SAP Business One ServerTools\ServiceLayer\Conf\httpd-b1s-lb.conf

Linux: /usr/sap/SAPBusinessOne/ServiceLayer/conf/httpd-b1s-lb.conf

2. Locate the following section that defines the allowed HTTP hosts:

RewriteCond %{HTTP

_

HOST} !XXXX [NC]

…

RewriteRule .

*

– [F]

3. Add the Service Layer external IP address as a trusted host by modifying the section as follows:

RewriteCond %{HTTP

_

HOST} !XXXX [NC]

…

RewriteCond %{HTTP

_

HOST} !externalIP [NC]

RewriteRule .

*

–

[F]

4. Restart the Service Layer to apply the changes.

Attributes

Key Value

Requires Action 0Products

Products

SAP Business One 10.0

SAP Business One 10.0, version for SAP HANA