1 Reply Latest reply on Jun 16, 2011 12:08 PM by sliedl

    url re-writing



      I have a possible customer who needs firewall protection against URL re-writing, among other things. The customer is a university which has an electronic registration system over the internet.

      Now, students enter the website through a user name and password. After the system opens, the URL contains a number which belongs to a table in the database, which is fine, but it appears that students can modify that number, which will result in viewing other tables from the DB, like employees' salaries, which should not be viewed. This customer states that there is something called a web application firewall (WAF) that could prevent this from happening.


      Does the McAfee firewall prevent this? And if so, what type of configuration should be done inside the firewall?




        • 1. Re: url re-writing

          They should sanitize their input so people can't just change a URL to see things they should not see.  If you don't want someone to change a number, don't put the number in the URL.


          You could configure the HTTP application defense, under the HTTP URL Control tab, to Deny all URLs that match a string (or part of a string).  But, NO ONE will be able to go to those URLs then (through that rule).  The firewall cannot make a decision on allowing a specific person to see a URL or not.
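
The reply's point that the per-person decision has to be made in the application, not at the firewall, sketched as an added example that is not part of the original thread. The table numbers, roles, data and function names are all hypothetical and constructed for illustration.

```python
# Constructed sample data: table numbers as they would appear in the URL.
TABLES = {
    101: {"name": "course_registration", "rows": ["MATH101", "PHYS201"]},
    102: {"name": "employee_salaries", "rows": ["alice: 5000", "bob: 6200"]},
}
# Hypothetical server-side policy: which roles may read which table.
ACL = {101: {"student", "staff"}, 102: {"payroll"}}


class Forbidden(Exception):
    """Raised when the request must not be served."""


def view_table_unchecked(session, table_param):
    # Behaviour described in the question: being logged in is the only
    # check, so whatever number arrives in the URL is served.
    if not session.get("user"):
        raise Forbidden("login required")
    return TABLES[int(table_param)]["rows"]


def view_table_checked(session, table_param):
    # 1. Authenticate.
    if not session.get("user"):
        raise Forbidden("login required")
    # 2. Validate the parameter: ASCII digits only, and a table that exists.
    text = str(table_param)
    if not (text.isascii() and text.isdigit()) or int(text) not in TABLES:
        raise Forbidden("not available")
    table_id = int(text)
    # 3. Authorize this user for this table on every request. The same
    #    message is used as above so the response does not reveal which
    #    table numbers exist.
    if session.get("role") not in ACL.get(table_id, set()):
        raise Forbidden("not available")
    return TABLES[table_id]["rows"]


if __name__ == "__main__":
    student = {"user": "s1234", "role": "student"}
    print(view_table_unchecked(student, "102"))  # salaries are returned
    try:
        view_table_checked(student, "102")
    except Forbidden as exc:
        print("denied:", exc)
```

A URL deny rule on the firewall blocks table 102 for everyone, including payroll staff; the check in step 3 blocks it only for users whose role is not allowed.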