For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

refra_151287's avatar
refra_151287
Icon for Cirrus rankCirrus
Nov 11, 2015

URL Hashing OR URL decoding

I've an issue, and we want to hash the URI (or encoding) in other words I don't want the user to see the original URL that the server sent, we want the user to see just decoded value, is there any wa...
application delivery
devops
iRules
Brad_Parker's avatar
Brad_Parker
Icon for Cirrus rankCirrus
Nov 12, 2015

You understand that this will require you to rewrite every resource on the site that the server sends in its responses. This will not be an easy task. Any particular reason you want to do this? Would it be easier to sanitize specific data?

 

Brad_Parker's avatar
Brad_Parker
Icon for Cirrus rankCirrus
Nov 12, 2015
Security through obscurity is not security, it is just obscurity. With that said, I guess the customer is always right even when they aren't. Hashing the URL in and of itself provides no security as you can still replay the hashed url. One thing you could do that will provide security and hash the url would be to use APM portal access. The will enforce logon and mask the "real" URL. Granted, it will still only be a base64 encoded url, Maybe this will satisfy your customer's requirements.