URL encryption

What is URL encryption?

Dynamically encrypted URLs (combined with cryptographically protected HTML forms) prevent anyone
from sending illegal requests or malicious user data to the application server. Absolutely no internal
information about the Web application is revealed to potential attackers. Attackers cannot see the
request details or the URL parameters because they are encrypted.

Dynamic white-listing with URL encryption = positive security model
→ no need for iterative re-learning!

• The web application defines the allowed requests.
• Only allowed URLs are forwarded to the application server, everything else is blocked.
• Airlock enforces secure application usage with dynamic white-listing in real-time.
• Only a positive security model can prevent unknown attacks and zero-day exploits.

How does URL encryption work?

URL encryption is transparent and requires no changes to the application. There is no learning phase necessary for the URL encryption and Smart Form protection engine to instantly protect a Web application. The configuration is very simple: At least one entry URL must be defined (see configuration below). All further links and documents accessible from that entry page are then automatically protected.

Step by step example:

1. The user requests the web application's entry page, e.g. https://www.myapp.demo

2. The web application returns an HTML document containing many links that lead to further pages of the same web application.

3. Airlock processes the document and encrypts all URLs, i.e. the path, file name and all parameters of an URL are cryptographically protected against tampering.

4. Beyond the entry page, all further requests must have encrypted URLs. Manipulated or unencrypted URLs will be blocked.

5. Correct requests are decrypted and the original plain text URL is sent to web application.

Click on the thumbnail image to see an illustration of the steps 2-4.

How to configure URL encryption

There is a separate article that explains how to use URL encryption.