Author Topic: Forced Browsing Path  (Read 187 times)

Offline Fransi

  • Contributor
Forced Browsing Path
« on: May 08, 2010, 10:28:50 PM »
Hi there,

Is there a way to enforce a certain browsing path in a way that no undesired jumps are allowed?

For example:

1) http://www.site.com/login.aspx
2) http://www.site.com/Main.aspx
3) http://www.site.com/Page1.aspx
4) http://www.site.com/Page2.aspx
5) http://www.site.com/logout.aspx

Where the sequence should not be violated, i.e. can't reach Page1 without visiting Main first, and so on.

Please advise.



Thanks,
Fransi  8)

Offline Paul B

  • Hero Member
Re: Forced Browsing Path
« Reply #1 on: May 10, 2010, 04:29:16 PM »
Yes, I believe that the application firewall can probably / possibly do that.

Can't you just program this into the web pages, using cookies or something?

Offline Marco Schirrmeister

  • Sr. Member
Re: Forced Browsing Path
« Reply #2 on: May 10, 2010, 10:09:01 PM »
I would also say it's more an application thing. Because what if you access the server directly from somewhere internal (if possible)?
You could access the other sites without any problem.

Offline evildani

  • Administrator
  • Hero Member
Re: Forced Browsing Path
« Reply #3 on: July 08, 2010, 01:30:02 AM »
Forceful browsing on the application firewall works differently: it keeps a record of the last visited page and all links to the current web page you are viewing. If that does not serve your purpose then you can do the following.
Upon the initial web page, use a rewrite policy to insert an HTTP header or cookie to keep track of where the user is.
Then use a responder policy to select the traffic that does not contain either the header or the cookie. If the client has them, you can let them get through and use rewrite again to update the field in the headers; continue until you reach the destination. If the user does not have the appropriate header, redirect them to the start, or to the last visited page... your choice...
I guess it is a lot of work, but it works...

Daniel
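
The cookie-tracking scheme from the last reply, modelled as an added example that is not part of the original thread and is not NetScaler policy syntax. The page order comes from the question; the key, the session ids, the function names and the HMAC signing of the step cookie (so a client cannot simply write its own step value) are assumptions of this example.

```python
import hashlib
import hmac

# Page order taken from the question; key and session ids are constructed placeholders.
PATH = ["/login.aspx", "/Main.aspx", "/Page1.aspx", "/Page2.aspx", "/logout.aspx"]
SECRET = b"example-key-replace-me"


def sign(session_id, step):
    """Build the tracking cookie 'step.mac', bound to one session."""
    msg = f"{session_id}:{step}".encode()
    return f"{step}.{hmac.new(SECRET, msg, hashlib.sha256).hexdigest()}"


def verify(session_id, cookie):
    """Return the step recorded in a valid cookie, or -1 if missing or forged."""
    presented = (cookie or "").encode("utf-8", "replace")
    # Compare against each legal value instead of parsing client-supplied text.
    for step in range(len(PATH)):
        if hmac.compare_digest(sign(session_id, step).encode(), presented):
            return step
    return -1


def handle(session_id, url, cookie=None):
    """Decide one request; returns (status, location, cookie_to_set)."""
    if url not in PATH:
        return 404, url, cookie  # not part of the guarded sequence in this model
    last = verify(session_id, cookie)
    wanted = PATH.index(url)
    # Allowed: the start page, a reload of the current page, or the next page.
    if wanted == 0 or wanted in (last, last + 1):
        return 200, url, sign(session_id, wanted)  # "rewrite": update the tracker
    # "responder": send the client back to the last visited page, or the start.
    return 302, PATH[max(last, 0)], cookie


if __name__ == "__main__":
    cookie = None
    for url in ["/Page1.aspx", "/login.aspx", "/Main.aspx", "/Page2.aspx", "/Page1.aspx"]:
        status, location, cookie = handle("sess-A", url, cookie)
        print(url, "->", status, location)
```

Because the MAC covers the session id, a cookie copied from another session fails verification, and a cookie kept from earlier in the same session stops being useful once that session is invalidated at logout.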