Forum Discussion

Nimbostratus

Feb 26, 2008

Obfuscate URI's?

Greetings! Has anyone any ideas on ways to create an iRule that will obfuscate URI's used (and returned in the HTTP payload)? We've inherited a problem with a very badly written ap...

Cirrostratus

Mar 03, 2008

Well, after ~500 lines and a few long nights, we have a working first version of a rule which enforces a session in the app and encrypts the links in response headers/content. This prevents attackers from exploiting most of the vulnerabilities through forceful browsing. The next thing we're looking at is encrypting vulnerable parameter values in response content to really lock it down. ASM would have been nice here, but it wasn't an option in the time frame.

Aaron

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)