Astaro Web Application Firewall URL Hardening

Update: July 21st, 2011

DESCRIPTION

URL hardening enforces which requests a client is allowed to make of a web server. It ensures that whatever the user does next is something the web server is actually expecting. This whitelist-style approach means that if you have left a directory open, misconfigured a script/application, or otherwise left your site open to exploitation, this feature acts as a shield.

While patterns can be (and are) used successfully to counter injection and XSS attacks, this type of protection provides an additional layer of security. As you visit the site, URL hardening analyses the server's response to your request and, in real time, builds a "moves list" of valid links you may request next. As such, this is a dynamic, reactive whitelist approach built on a per-user basis.

All you have to do is define your "ingress" points, where a user is allowed to "land" (such as www.astaro.com or www.astaro.com/products). Depending on the size of the site and the amount of deep-linking you allow, this could be just a few links or dozens. From there, Astaro automatically whitelists the user's next available "moves" by examining the valid links and navigable points the web server issues in response to each "click".

This makes it difficult for a visitor to access or do something unexpected, as URL hardening confines their activity to known paths and areas of expected access.

Technical Information

Astaro's URL Hardening keeps visitors on proper paths as they move around your site(s):

  • Define and manage allowed entry URLs
  • Prevent unwanted "deep-linking" into your site and control the entry points of visitors
  • Inspect the objects returned by the server in response to a user request, and enforce that the next thing the user requests is on that list
  • Prevent users from passing commands to your servers which could exploit or overwhelm them
  • Keep visitors from accessing areas of the site not meant for them, such as an /admin directory which has not been appropriately secured
  • On-the-fly inspection and building of the object and URL whitelist customizes the feature per user
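The per-session "moves list" described above can be modelled in a few dozen lines. The following is an added example written for this page; it is not Astaro's code and makes no claim about how the product implements the feature internally. It assumes a hypothetical proxy that (a) checks each incoming request against the configured entry points plus the links already discovered for that session, and (b) after each response, extracts the links, form actions and embedded objects from the HTML and adds them to that session's allowlist. The hostname www.example.com and the HTML page are constructed sample data; comparing on scheme, host and path (ignoring query strings and fragments) is a design choice of this example, so that a GET form's submission still matches the form action that was whitelisted.

```python
"""Toy per-session URL hardening (added example, not Astaro's code)."""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# (tag, attribute) pairs whose value is a URL the client may legitimately request next.
LINK_ATTRS = {
    ("a", "href"), ("link", "href"), ("img", "src"),
    ("script", "src"), ("iframe", "src"), ("form", "action"),
}


def normalize(url: str) -> str:
    """Reduce a URL to scheme://host/path.

    Query strings and fragments are dropped so that a whitelisted form action
    still matches when the browser submits it with parameters. This is an
    assumption of the example, not a statement about the product.
    """
    parts = urlsplit(url)
    return f"{parts.scheme}://{parts.netloc}{parts.path or '/'}"


class LinkExtractor(HTMLParser):
    """Collect every navigable URL a response hands the client."""

    def __init__(self, base_url: str):
        super().__init__()
        self.base_url = base_url
        self.links: set[str] = set()

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if (tag, name) in LINK_ATTRS and value:
                # Resolve relative references against the page that served them.
                self.links.add(normalize(urljoin(self.base_url, value)))


class UrlHardening:
    """Entry points are static; everything else is learned per session."""

    def __init__(self, entry_urls):
        self.entry = {normalize(u) for u in entry_urls}
        # session id -> URLs this client is currently allowed to request
        self.sessions: dict[str, set[str]] = {}

    def check_request(self, session_id: str, url: str) -> bool:
        """True if the request is an entry point or was offered to this session."""
        target = normalize(url)
        return target in self.entry or target in self.sessions.get(session_id, set())

    def learn_response(self, session_id: str, requested_url: str, html: str) -> set[str]:
        """Whitelist the links the server just returned for this session."""
        extractor = LinkExtractor(requested_url)
        extractor.feed(html)
        self.sessions.setdefault(session_id, set()).update(extractor.links)
        return extractor.links


# Constructed sample response: what the server might return for the landing page.
SAMPLE_PAGE = """<html><body>
<a href="/products">Products</a>
<a href="about.html">About</a>
<img src="/static/logo.png">
<form action="/search" method="get"><input name="q"></form>
</body></html>"""


def demo() -> dict:
    """Walk one session through the flow and report each decision."""
    wall = UrlHardening(["http://www.example.com/", "http://www.example.com/products"])
    results = {
        "landing": wall.check_request("s1", "http://www.example.com/"),
        "admin_before": wall.check_request("s1", "http://www.example.com/admin/"),
    }
    wall.learn_response("s1", "http://www.example.com/", SAMPLE_PAGE)
    results["about_after"] = wall.check_request("s1", "http://www.example.com/about.html")
    results["search_after"] = wall.check_request("s1", "http://www.example.com/search?q=x")
    results["admin_after"] = wall.check_request("s1", "http://www.example.com/admin/")
    # A different session never saw the landing page, so it has no learned moves.
    results["other_session"] = wall.check_request("s2", "http://www.example.com/about.html")
    return results


if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name}: {'allowed' if allowed else 'blocked'}")
```

Note that /admin/ stays blocked throughout because no response ever offered it, which is the "unsecured directory" case the bullets describe. A production implementation also has to decide how links generated client-side by JavaScript, cache expiry of learned entries, and per-session storage limits are handled; none of that is covered by this sketch.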

Web Application Firewall URL Hardening
