Firewalls, URL Signing and Form Hardening

We've installed Sophos UTM and are running various web sites behind it. Sophos has two options "Form hardening" and "Static URL hardening" that are intended to protect your web site from hackers.

It does this be inspecting the content in a page and, in brief, checking that when the client makes requests from that page that they are valid.

However this causes problems with some of our web sites where they dynamically construct URLs (for example an Ajax request) in Javascript, such URLs are not seen as valid and are blocked by the firewall. MyLabCorp

My question is is this type of firewall protection going to become an increasingly common thing that I, as a web developer, am going to have to code around? Or is this always going to be a niche thing that will only work for certain web sites?

I can't find an awful lot of chatter about this topic on the web, so any thoughts would be very welcome.



Missing Something
[edited by: Dollie Schmidt at 4:09 AM (GMT -7) on 4 Jul 2022]
Parents
  • Hello,

    "Static URL hardening" is what it is: static. So if you dynamically build URLs, this won't fit very well.

    Mit freundlichem Gruß, best regards from Germany,

    Philipp Rusch

    New Vision GmbH, Germany
    Sophos Silver-Partner

    If a post solves your question please use the 'Verify Answer' button.

Reply
  • Hello,

    "Static URL hardening" is what it is: static. So if you dynamically build URLs, this won't fit very well.

    Mit freundlichem Gruß, best regards from Germany,

    Philipp Rusch

    New Vision GmbH, Germany
    Sophos Silver-Partner

    If a post solves your question please use the 'Verify Answer' button.

Children
No Data