URL Hardening
Use layered scanning engines to stop viruses.
Many attacks which can compromise your web server involve a hacker doing something that the server does not expect. When the server tries to interpret a special command or crafted URL, it can create a hole which the attacker uses to gain access to forbidden areas. URL hardening enforces the requests that a visitor is allowed to make, restricting them to valid ones only.
Description & Screenshots
URL hardening enforces what requests a client is allowed to make of a web server. It makes certain that whatever the user does next is something the web server is actually expecting. This whitelist-style approach means that if you have left a directory open, misconfigured a script/application, or otherwise left your site open to exploitation, this feature will act as a shield.
While patterns can be (and are) used successfully to counter injection and XSS attacks, this type of protection provides additional security. As you visit the site, URL hardening will analyse the response to your query from the server, and in real time create a "moves list" of valid links you can request "next". As such, this is a sort of dynamic, reactive white list approach built on a per-user basis.
All you have to do is define your "ingress" points where a user is allowed to "land" (such as www.astaro.com or www.astaro.com/products). Depending on the size of the site and the amount of deep-linking you allow, this could be just a few links, or dozens+. From there, Astaro auto-whitelists the user's next available “moves” by examining the valid links and navigable points the web server issues them in response to their “click”.
This makes it difficult for the visitor to access or do something unexpected, as this URL hardening approach restricts their activities to known paths and areas of expected access.
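A minimal model of the mechanism described above, as an added example that is not Astaro's code: entry URLs are always allowed, and each session's "moves list" grows from the links found in the responses that session receives. The class and method names, the www.example.com site, exact path-plus-query matching, and accumulating the list rather than replacing it are all assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

class _Links(HTMLParser):
    """Collect URL-bearing attributes (href, src, action) from a response body."""
    def __init__(self):
        super().__init__()
        self.found = []
    def handle_starttag(self, tag, attrs):
        self.found += [v for k, v in attrs if k in ("href", "src", "action") and v]

class UrlHardener:
    """Hypothetical per-session allowlist; not the product's implementation."""
    def __init__(self, site, entry_urls):
        self.site = site                         # scheme://host, no trailing slash
        self.entry = {self._key(u) for u in entry_urls}
        self.moves = {}                          # session id -> set of allowed keys

    def _key(self, url, base_path="/"):
        """Resolve url against the page it appeared on; None if it is off-site."""
        parts = urlsplit(urljoin(self.site + base_path, url))
        if parts.scheme + "://" + parts.netloc != self.site:
            return None
        return (parts.path or "/") + ("?" + parts.query if parts.query else "")

    def allow(self, session, url):
        """True if url is an entry URL or was issued to this session earlier."""
        key = self._key(url)
        return key is not None and (
            key in self.entry or key in self.moves.get(session, set()))

    def observe(self, session, request_url, html):
        """Add the same-site links in a response to the session's moves list."""
        parser = _Links()
        parser.feed(html)
        keys = {self._key(link, request_url) for link in parser.found}
        self.moves.setdefault(session, set()).update(keys - {None})

# Constructed sample response for the entry URL /products.
PAGE = ('<a href="/products/details?id=7">Details</a>'
        '<form action="order"></form><a href="http://other.example/">Partner</a>')

def demo():
    h = UrlHardener("http://www.example.com", ["/", "/products"])
    before = h.allow("alice", "/products/details?id=7")      # not issued yet
    h.observe("alice", "/products", PAGE)
    return [before,
            h.allow("alice", "/products/details?id=7"),      # issued link
            h.allow("alice", "/order"),                       # issued form target
            h.allow("bob", "/products/details?id=7"),         # other session
            h.allow("alice", "/admin/"),                      # never linked
            h.allow("alice", "/products/details?id=7%20OR%201=1")]  # altered query
```
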
Technical Information
Astaro’s URL Hardening lets you keep visitors on proper paths as they move around your site(s):
- Define and manage allowed entry URLs
- Prevent unwanted "deep-linking" to your site, and control entry points of visitors
- Inspect the objects returned from a server in response to a user request, and enforce that the next thing they request is on that list
- Prevent users from passing commands to your servers which can exploit or overwhelm them
- Keep visitors from accessing areas of the site not meant for them, like a /admin directory which has not been appropriately secured
- Build the object and URL whitelist on the fly through inspection, customizing the feature per user
| Available Platforms | |
| --- | --- |
| Astaro Security Gateway Hardware Appliances | Our hardware appliances are purpose built, high-performance security devices. They integrate Astaro's security applications with a hardened Operating System on optimized Intel-compatible server systems that cater to every business size. This section details the series of Astaro Security Gateway hardware models available. |
| Astaro Security Gateway Software Appliance | Our software appliances include the operating system and all security applications bundled within a single software image. While offering the same capabilities as the hardware platform, they can be easily installed on your hardware of choice - maximizing deployment flexibility. The Astaro Security Gateway software appliances are much easier and faster to set-up than software applications that require the installation of an operating system in advance. This section details the security applications available, technical information and deployment scenarios. |
| Astaro Security Gateway Virtual Appliance for VMware | Our virtual appliances include a software appliance which has already been pre-installed and pre-configured for VMware environments. Being the first unified threat management product that has been certified as “VMware Ready”, it allows for the secure and easy deployment of an "all-in-one" security solution within a virtual environment. This section details the security applications available, technical information and deployment scenarios. |
