Firewalls, URL Signing and Form Hardening

We've installed Sophos UTM and are running various web sites behind it. Sophos has two options, "Form hardening" and "Static URL hardening", that are intended to protect your web site from hackers.

It does this by inspecting the content in a page and, in brief, checking that when the client makes requests from that page they are valid.

However, this causes problems with some of our web sites where they dynamically construct URLs (for example an Ajax request) in JavaScript; such URLs are not seen as valid and are blocked by the firewall.

My question is: is this type of firewall protection going to become an increasingly common thing that I, as a web developer, am going to have to code around? Or is this always going to be a niche thing that will only work for certain web sites?

I can't find an awful lot of chatter about this topic on the web, so any thoughts would be very welcome.

  • Hi and welcome to the UTM Community!

    Copy here the line from the Web Application Firewall log where your URL was blocked.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hello,

    "Static URL hardening" is what it is: static. So if you dynamically build URLs, this won't fit very well.

    With kind regards, best regards from Germany,

    Philipp Rusch

    New Vision GmbH, Germany
    Sophos Silver-Partner

    If a post solves your question please use the 'Verify Answer' button.
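
A simplified model of the behaviour discussed in this thread, added here as an illustration; it is not code from the thread and not Sophos's implementation. A proxy signs the URLs it finds in static markup on the way out and rejects unsigned URLs on the way in, so a URL assembled in JavaScript is blocked. The key, the `_sig` parameter name, the entry-URL set and the sample page are all assumptions constructed for the example.

```python
import hashlib
import hmac
import re
from urllib.parse import urlsplit

KEY = b"constructed-demo-key"   # assumption: secret known only to the proxy
SIG = "_sig"                    # hypothetical signature parameter name
ENTRY_URLS = {"/"}              # assumption: paths allowed without a signature

# Constructed sample page: two static links and one URL built in script.
PAGE = '''<a href="/products?id=7">Item</a>
<form action="/search"></form>
<script>fetch("/api/items?page=" + n)</script>'''

def mac(url):
    """Truncated HMAC over the URL exactly as it appears in the markup."""
    return hmac.new(KEY, url.encode(), hashlib.sha256).hexdigest()[:16]

def harden_response(html):
    """Outbound: append a signature to each URL found in href/src/action."""
    def rewrite(m):
        attr, url = m.group(1), m.group(2)
        sep = "&" if "?" in url else "?"
        return f'{attr}="{url}{sep}{SIG}={mac(url)}"'
    return re.sub(r'\b(href|src|action)="(/[^"]*)"', rewrite, html)

def check_request(url):
    """Inbound: allow entry URLs and URLs that carry a valid signature."""
    if urlsplit(url).path in ENTRY_URLS:
        return True
    head, sep, sig = url.rpartition(SIG + "=")
    if not sep or not head or head[-1] not in "?&":
        return False            # no signature: e.g. a URL built in JavaScript
    original = head[:-1]        # the URL as it was before signing
    return hmac.compare_digest(sig, mac(original))

if __name__ == "__main__":
    print(harden_response(PAGE))
    for url in ("/", "/search?" + SIG + "=" + mac("/search"),
                "/api/items?page=2",
                "/products?id=8&" + SIG + "=" + mac("/products?id=7")):
        print(check_request(url), url)
```

The `fetch()` URL never passes through `harden_response`, so the request for `/api/items?page=2` arrives unsigned and is rejected, while the static links and the entry URL are accepted.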