Configuration example cases for URL encryption

Prerequisites

Tooltip:

During implementation, it is sometimes necessary to analyze the responses with a tool in order to find URLs that are not encrypted and may cause trouble. Add-ons or extensions that can be used for this purpose are available for most modern browsers, such as Tamper Chrome, or Tamper Data for Mozilla Firefox.

Standard case

To trigger URL encryption, Airlock Gateway must recognize the URLs sent in the response from the backend application server. URL encryption requires a matching response header redirect (which triggers the 302 status code) or placement of the response URL according to common HTML specifications.

Examples of HTML tags that trigger URL encryption:

  • HTML tags like <a href="...">, <img src="...">, etc.
  • Meta tags like <meta http-equiv="refresh" content="5;URL=/rootpath/path1/">.

Absolute URLs are encrypted only if they have the same protocol and hostname as the ones the last request was sent to.
Example: <a href="http://www.mydomain.com/rootpath/path">...

External, absolute links with a different hostname and protocol will not be encrypted.
Example: <a href="http://www.otherdomain.com/path">...

Special cases

If URLs appear scattered in the HTML document, it is possible to use special rules to tell Airlock Gateway how to recognize such a URL.

Examples would be:

  • Embedded source <script> or <style> parts.
  • Events, e.g. JavaScript attributes such as onload, onclick, etc.

The syntax to mark a URL that has to be encrypted is ?<URL>URL.

Most rewrite response rules follow a pattern of (all-before-URL)(URL)(all-after-URL) that is replaced in the form of $1$2$3.

Rewrite Response Body (HTML only) for URL encryption

Example of a URL within an array:

<script type="text/javascript">
loadFunctions = function() {
    sfHover(Array('mainNavigation'), Array('li'));
    preloadImages(Array('fileadmin/images/logo.jpg'));
}

if (window.attachEvent) {
    window.attachEvent("onload", loadFunctions);
}
</script>

Standard solution:

  Example of URL pattern: (Array\(['"]?)(?<URL>.*)(['"]?\))
  Replace with:           $1$2$3

More advanced solution [1]:

  Example of URL pattern: (Array\(['"]?)(?<URL>[^)'"]*)(['"]?\))
  Replace with:           $1$2$3

[1] [^)'"] means that ), ' and " are not included in the URL and are used to define the end of the URL.

Rewrite rules based on JavaScript events (e.g. onclick or onload) also use the same principle as above but additionally require the Events option to be enabled.

Example for multiple arrays containing URLs in JavaScript:

<script language="javascript"> 
... 
Array("res/xslt/navigation.xslt"); 
Array("res/xslt/status_header.xslt","res/xslt/status_ncb.xslt"); 
Array("ajax_navigation"); 
... 
</script>

  Example of URL pattern: (Array\(['"]?)(?<URL>[^'")]*)(['"],['"])?(?<URL>[^'")]*)?(['"]?\))
  Replace with:           $1$2$3$4$5

The result of the replacement is:

<script language="javascript"> 
...  
Array("/javascript/$xp2/8C24M2dZcjIwytNV77oIs79jjcxO2IH/rm5uW+xNvDYI6L55qRpErKvw9JPol9kt$/p/p/p/p/p/p"); 
Array("/javascript/$xp2/936f...0zjx1HoH9+....YxAY5e08Xzm+ECYt5rQ==$/p/p/p/p/p/p","/javascript/$xp2/gL8h32...3RrOAZUtA==$/p/p/p/p/p/p"); 
Array("/javascript/$xp2/3H83hf5W3/164AoUgVD34TSkLfj3XdhvPn8S7kjk8Fc85ZWXMO4wxHIB3fvZhXLJ$/p/p/p/p/p/p"); 
... 
</script> 
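
The difference between the standard and the more advanced pattern, and the two-marker pattern for multiple arrays, can be checked offline before a rule is deployed. The following is an added example, not Airlock code: Python's re module stands in for the gateway's regex engine (an assumption), and the helper names to_python and marked_urls are hypothetical.

```python
import itertools
import re

# Patterns copied from the page (Airlock-style (?<URL>...) markers).
STANDARD = r"""(Array\(['"]?)(?<URL>.*)(['"]?\))"""
ADVANCED = r"""(Array\(['"]?)(?<URL>[^)'"]*)(['"]?\))"""
MULTI = r"""(Array\(['"]?)(?<URL>[^'")]*)(['"],['"])?(?<URL>[^'")]*)?(['"]?\))"""

# Script bodies taken from the page's two examples.
ARRAY_SCRIPT = """loadFunctions = function() {
sfHover(Array('mainNavigation'), Array('li'));
preloadImages(Array('fileadmin/images/logo.jpg'));
}"""
MULTI_SCRIPT = """Array("res/xslt/navigation.xslt");
Array("res/xslt/status_header.xslt","res/xslt/status_ncb.xslt");
Array("ajax_navigation");"""


def to_python(pattern):
    """Give each (?<URL>...) marker a unique Python group name.

    Python's re rejects both the (?<name>...) spelling and repeated
    group names, so the markers become (?P<URL1>...), (?P<URL2>...), ...
    """
    n = itertools.count(1)
    return re.sub(r"\(\?<URL>", lambda m: f"(?P<URL{next(n)}>", pattern)


def marked_urls(pattern, body):
    """Return, in document order, every non-empty string a URL marker captures."""
    rx = re.compile(to_python(pattern))
    url_groups = sorted(i for name, i in rx.groupindex.items()
                        if name.startswith("URL"))
    return [m.group(i) for m in rx.finditer(body)
            for i in url_groups if m.group(i)]


if __name__ == "__main__":
    for label, pattern, body in [("standard", STANDARD, ARRAY_SCRIPT),
                                 ("advanced", ADVANCED, ARRAY_SCRIPT),
                                 ("multi", MULTI, MULTI_SCRIPT)]:
        print(label, marked_urls(pattern, body))
```

With the standard pattern the greedy .* captures the closing quote and parenthesis, and on the sfHover line it runs across both Array calls; the advanced pattern captures each argument cleanly. It also captures mainNavigation and li, which are not URLs, so the captured list is worth reviewing for every rule this broad.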

Special URLs and special content types

URLs may also appear scattered in other document types such as text/css. It is possible to configure special rules that allow Airlock Gateway to detect such a URL. Most often this is used for image URLs in CSS files with content type text/css.

In the section Rewrite Response Body (any content) define a pattern using Rewrite Stylesheet URLs to detect and encrypt the URL in our example code:

Example:

.calendar thead tr {
    background: url("/jira/includes/js/calendar/skins/aqua/title-bg.gif") repeat-x 0 100%;
    color: #000;
}
.calendar thead .title { /* This holds the current "month, year" */
    font-weight: bold; /* Pressing it will take you to the current date */
    text-align: center;
    padding: 2px;
}

The syntax to mark a URL that has to be encrypted is ?<URL>URL.

Rewrite Response Body (any content) for Rewrite Stylesheet URLs

Rewrite Response Body (any content) can also be used if URLs are placed at locations that do not conform to HTML in HTML documents (content-type: text/html).

When will URL encryption not work?

URL encryption does not work if URLs are built or assembled dynamically on the client side, e.g. by JavaScript functions.

Example:

window.location ='/dp/english/e_services.jsp?Page=A1'+'&sinj02_Title='+variable+'&isSearch=tr';

Define such URLs as exception patterns:

URL Encryption Path Exception Pattern example