Forum Discussion
Hi Dany,
As already stated in the article you've found. You simply can't parse URIs including hash signs. The part after the
is supressed by the browser...
Old fashioned websites have used those fragement identifiers to jump into a specific section of an single HTML document. Modern websites (e.g. based on AngularJS) are using those fragement identifiers within client-side JScripts to dynamically load additional content in the background via API calls based on the currently displayed fragment identifier. For API based web applications the URL after the
is just a client-side thingy to allow the user to create bookmarks for deep nested pages. The HTML pagesyou see are non-existent on your web servers...
To grant access to just a subset of your web site you would need to fully understand how the fragment identifier is used by your application and how subsequent content is loaded by the browser. You need to fully understand the application logic and the involved API calls and then write an Application Layer Gateway to allow/block specific API calls...
Sounds terrible for you? I completely agree! And to make it even worse, you will need to review/adjust your homegrown Application Layer Gateway each time the web application gets an update...
Cheers, Kai