Forum Discussion
CirrusHide uri on client side
Rafi1 That is definitely possible but keep in mind that while the client sees path "/abc/def" the server will see only "/" which is the root of the website. So if you decide to change all paths that the client sees to "/" just make sure that the path "/" has all the content that you're looking for. Again, this is another reason why obfuscating the path really isn't the path to go down to provide security for your website over something such as a login token or any other security measure you can take over obfuscation.
MVPRafi1 Even with an alias you would still have an instance where they user can still get to the destination just using a different path. In this instance you are better off obfuscating this on the server side rather than the F5. I would be interested in knowing what CISO has listed as the policy that you are attempting to solve for. I can see stripping local device name or IP address if it's provided in the response to the client but other than that obfuscating the response rather than implementing security features such as login tokens and the like is not a superior security stance.
CirrusHi Paulius,
OK,
So what if we want change the uri path, just hide it
example:
https://web.com/abc/def -> https://web.com
But the cliet see content of https://web.com/abc/def
Is it possible ?
- Paulius
Rafi1 That is definitely possible but keep in mind that while the client sees path "/abc/def" the server will see only "/" which is the root of the website. So if you decide to change all paths that the client sees to "/" just make sure that the path "/" has all the content that you're looking for. Again, this is another reason why obfuscating the path really isn't the path to go down to provide security for your website over something such as a login token or any other security measure you can take over obfuscation.
- Rafi1
Understood thank you very much
