Airlock Gateway rewrite engine with URL encryption

Based on a powerful back-end HTML content rewriting engine, Airlock Gateway provides advanced URL encryption and dynamic form protection functions. When enabled, dynamically encrypted URLs (in combination with cryptographically protected HTML forms) prevent anyone from sending illegal requests or malicious user data to the application server.

Section - URL Encryption

Example of what an encrypted URL may look like in a browser:

Encrypted URL as seen in the browser's address bar
These security functions can completely protect an application against forceful browsing attacks:

  • Users and attackers cannot retrieve information about the back-end applications because the URLs are encrypted.
  • No request manipulation or sending of invalid user input fields is possible anymore.

Dynamic allowlisting with URL encryption is a positive security model. There is no need for iterative re-learning!

At a glance:

  • The web application defines the allowed requests.
  • URL encryption is transparent and requires no changes to the application.
  • Only allowed URLs are forwarded to the application server. Everything else is blocked.
  • Airlock enforces secure application usage with dynamic allowlisting in real-time.
  • Only a positive security model can prevent unknown attacks and zero-day exploits. No learning phase is necessary for the Airlock Gateway URL encryption and Smart Form protection engine to instantly protect a Web application.

URL encryption in action

In this showcase, only a single entry URL (for https://www.myapp.demo) has been configured in Airlock Gateway. All further links and documents accessible from that entry page are then automatically protected.

  1. The user requests the web application's entry page, e.g. https://www.myapp.demo.
  2. The web application returns an HTML document containing many links that lead to further pages of the same web application, e.g. HTTP://
  3. Airlock Gateway processes the document and encrypts all URLs, i.e. the path, file name, and others, before returning e.g. $xp1/GMnGuYqPtCSYMQgb to the user's browser.
  4. The following is achieved:
    • All parameters of a URL are cryptographically protected against tampering.
    • Beyond the entry page, all further requests must have encrypted URLs.
    • Manipulated or unencrypted URLs will be blocked.
  5. Correct requests are decrypted and the original plain text URL is sent to the web application.
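
The flow in steps 1 to 5, as an added sketch that is not Airlock Gateway code. The page does not describe Airlock's cipher or token format, so this stand-in uses an HMAC-SHA256 keystream with an encrypt-then-MAC tag from the Python standard library; the `/$enc/` prefix, the keys, the function names and the sample paths are assumptions constructed for the example.

```python
import base64, hashlib, hmac, os, re

ENC_KEY, MAC_KEY = os.urandom(32), os.urandom(32)  # constructed gateway secrets
PREFIX = "/$enc/"      # hypothetical marker for protected URLs
ENTRY_URLS = {"/"}     # the single configured entry page

def _xor_keystream(nonce: bytes, data: bytes) -> bytes:
    # HMAC-SHA256 in counter mode as a stdlib stand-in for a real cipher.
    stream = b""
    for ctr in range(len(data) // 32 + 1):
        stream += hmac.new(ENC_KEY, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def _tag(blob: bytes) -> bytes:
    return hmac.new(MAC_KEY, blob, hashlib.sha256).digest()[:16]

def encrypt_url(url: str) -> str:
    nonce = os.urandom(12)
    ct = _xor_keystream(nonce, url.encode())
    token = base64.urlsafe_b64encode(nonce + ct + _tag(nonce + ct))
    return PREFIX + token.decode().rstrip("=")

def decrypt_url(path: str):
    """Return the plaintext URL, or None when the request must be blocked."""
    if not path.startswith(PREFIX):
        return None                      # unencrypted URL beyond the entry page
    token = path[len(PREFIX):]
    try:
        raw = base64.urlsafe_b64decode(token + "=" * (-len(token) % 4))
    except ValueError:
        return None                      # not a well-formed token
    if len(raw) < 28:
        return None                      # too short for nonce + tag
    nonce, ct, tag = raw[:12], raw[12:-16], raw[-16:]
    if not hmac.compare_digest(tag, _tag(nonce + ct)):
        return None                      # manipulated URL
    return _xor_keystream(nonce, ct).decode()

def rewrite_html(html: str) -> str:
    # Step 3: replace every same-site link (path and parameters) with a token.
    return re.sub(r'href="(/[^"]*)"',
                  lambda m: 'href="%s"' % encrypt_url(m.group(1)), html)

def gateway(path: str):
    # Steps 4 and 5: forward entry URLs and valid tokens, block the rest.
    return path if path in ENTRY_URLS else decrypt_url(path)
```

Because the application's own responses are the only source of valid tokens, the allowlist is built from what the application links to rather than from a learned traffic profile.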