Deep Linking Wizard

Purpose

You can start this application-specific wizard on the Wizards tab when you’ve selected an application in the navigation area.

Instead of using the CodeProfiler Import Wizard, you can also use Vulnerability Management for more advanced configuration.

The Deep Linking Wizard attempts to prevent links being created from third party sites to your web application. This can be useful if you offer valuable editorial content or downloads and finance the site via advertising, for example. The protection is provided using two different measures:

vWAF checks the HTTP referer header. Queries with an undesirable HTTP referer header are denied with the HTTP error code 403 (Forbidden).
The first query in an HTTP session may only be directed to specific “entry-point” pages. If the first request refers to a page that hasn’t explicitly been defined as the permitted entry page, vWAF responds to this with an HTTP redirect to a specific start page for your web application.

For more information regarding Wizards, see Using Wizards to Configure Applications.

Attributes

Attribute	Meaning
Application Entry Points	Here you can enter the pages of your web application that you want to explicitly permit as entry pages. If a link goes to one of these pages, the user is not redirected to the start page. Example: /demos/allowedentry.html
Default Start Page	Here, enter the page to which a user is to be redirected when a link points to a page that isn't included in the list under Application Entry Points. Example: /demo/welcomestranger.html
Valid HTTP Referers	Here, enter the HTTP referrers for which unrestricted access to any pages of your web application is to be possible-in other words to which the restrictions created above do not apply. By default, the hosts of the application whose security settings you're currently configuring are already entered. You must not delete or overwrite this entry because otherwise links within your web application are also redirected to the start page. Example: www.demohost.com

Attribute

Meaning

Application Entry Points

Here you can enter the pages of your web application that you want to explicitly permit as entry pages. If a link goes to one of these pages, the user is not redirected to the start page.

Example:

/demos/allowedentry.html

Default Start Page

Here, enter the page to which a user is to be redirected when a link points to a page that isn't included in the list under Application Entry Points.

Example:

/demo/welcomestranger.html

Valid HTTP Referers

Here, enter the HTTP referrers for which unrestricted access to any pages of your web application is to be possible-in other words to which the restrictions created above do not apply.

By default, the hosts of the application whose security settings you're currently configuring are already entered. You must not delete or overwrite this entry because otherwise links within your web application are also redirected to the start page.

Example:

www.demohost.com

Handlers configured by the Deep Linking Wizard

The Deep Linking Wizard configures the following handlers: