Forum Discussion

SSHSSH_97332
Nov 29, 2012

ASM URL Flows

I have 2 servers behind the WAF:

https://ebanking.bank.com/group/ & https://estatement.bank.com/group/retail/1

Server 2 has account details; for example, the URL below shows users' account details:

https://estatement.bank.com/Statmen...;TYPE=Acc >>>>>> Account URL

The URL above should be accessible only after authenticating at Server 1 at "https://ebanking.bank.com/group", going to the accounts page at Server 1 at "https://ebanking.bank.com/group/retail/statments", and then clicking the account button; only then can the user access the above-mentioned URL, named Account URL (i.e. I don't want the user to copy and paste this URL into the browser and access it directly).

I tried Login URL & URL flows, but it seems hard for me.

How can I achieve that, in detail?


3 Replies

  • Even I'm trying to do the same. Request somebody to please address this query.

  • nathe
    Sachin - have you tried using the URL flows and it hasn't worked? Could you supply more details of your issue so we can look to help, e.g. ASM version, errors you may have.

    I know you could always create an iRule with a referrer check, so unless it's come from the correct referrer host then you could block access - this would stop people popping it straight into the browser bar. Of course the referrer header can be spoofed, so this wouldn't be foolproof.

    What about once a user is logged in you set a cookie in the response - again you could, via an iRule, check for this cookie and only allow if it's there.

    Hope this helps but get back with more info if not.

    N
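
The two checks suggested in the reply above (a cookie set after login, plus a Referer check), sketched as one iRule. This is an added example, not code from the thread or from F5. It goes a step beyond a plain "cookie is present" test by storing a random token in the BIG-IP session table, so a hand-made cookie does not pass. Assumptions: the cookie name, the lifetime, and the account path prefix are hypothetical (the thread truncates the real account URL, so a placeholder is used), both hosts are served by the same BIG-IP, and the BIG-IP version has the `table` and `sha256` iRule commands.

```tcl
# Added example (not from the thread). Attach to the virtual server(s) for both hosts.
# Hypothetical values: cookie name, 300 s lifetime, and the account path prefix,
# which is a placeholder because the thread truncates the real URL.
when RULE_INIT {
    set static::flow_cookie "flow_token"
    set static::flow_ttl 300
    set static::acct_prefix "/ACCOUNT-PATH-PLACEHOLDER"
    set static::entry_page "/group/retail/statments"
}

when HTTP_REQUEST {
    set issue_token 0
    set host [string tolower [HTTP::host]]
    set path [HTTP::path]

    if { $host eq "ebanking.bank.com" && $path starts_with $static::entry_page } {
        # Remember that the response to this request may hand out a flow token.
        set issue_token 1
    } elseif { $host eq "estatement.bank.com" && $path starts_with $static::acct_prefix } {
        set token [HTTP::cookie value $static::flow_cookie]
        # The token must exist in the session table; a pasted URL or a
        # hand-made cookie has no matching entry.
        if { $token eq "" || [table lookup "flow:$token"] eq "" } {
            log local0. "Blocked direct access to [HTTP::uri] from [IP::client_addr]"
            HTTP::respond 403 content "Forbidden"
            return
        }
        # Referer is only a secondary signal because the client controls it.
        if { !([HTTP::header value "Referer"] starts_with "https://ebanking.bank.com/") } {
            log local0. "Unexpected Referer on [HTTP::uri] from [IP::client_addr]"
        }
    }
}

when HTTP_RESPONSE {
    # Assumption: Server 1 returns 200 for the statements page only to
    # authenticated users and redirects everyone else to the login page.
    if { $issue_token && [HTTP::status] == 200 } {
        # Random 256-bit value, hashed and hex-encoded, used as an opaque token.
        binary scan [sha256 [AES::key 256]] H* token
        table set "flow:$token" 1 $static::flow_ttl $static::flow_ttl
        # Domain=bank.com makes the browser send the cookie to estatement.bank.com too.
        HTTP::header insert "Set-Cookie" \
            "$static::flow_cookie=$token; Domain=bank.com; Path=/; Secure; HttpOnly"
    }
}
```

The token proves only that the same browser recently loaded the statements page; the statement server should still authorize each account request itself.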