Scroll

URL prettyfying and encryption

URL prettyfying and encryption

Avatar
Yannick Abbe
Follow
Summary This article is a description of a Webprod feature
Applies to askiaweb
Written for developers ; security administrators ; field managers
Keywords URL ; short ; pretty ; prettify ; webprod ; 5.3.5 ; link ; encryption ; feature ; highlight

In v5.3.5 of WebProd we added 2 often-requested features: 

  1. URL prettyfying
  2. URL encryption

 

Introduction

When starting a web interview, we normally need links like this:

http://askia.com/WebProd/cgi-bin/askiaext.dll?Action=StartSurvey&SurveyName=MySurvey

This has two main drawbacks:

  • It isn’t very pretty to look at
  • People can add/remove/modify parameters

 Both issues have been addressed:

  • We added ‘pretty’ links
  • It’s possible to encrypt links

URL prettifying

To start an interview, you can now use a link like this:

http://askia.com/WebProd/Start/MySurvey

You have to admit this looks much nicer, no?

If post/redirect/get is enabled (this option can be selected while installing Webprod), you’ll also have a pretty link visible in the location bar while the interview is in progress. It will look like this:

http://askia.com/WebProd/Interview/UCARYAZAJOBGLAGGWUFMKPOENKFEROBV

Instead of this:

http://askia.com/WebProd/cgi-bin/AskiaExt.dll?Action=DoInterview&Survey=UCARYAZAJOBGLAGG&Intvw=WUFMKPOENKFEROBV

Here’s the full list of available links to start an interview:

You’ll see that all links looks the same – the only way to see which link type is used is the number of parameters. Note that it is still possible to add additional parameters. You’ll just lose some of the prettiness:

http://askia.com/WebProd/Start/MySurvey?Language=EN

URL Encryption

To prevent users from messing with the links, you can choose to distribute encrypted links instead of clear text links. An added benefit is that these encrypted links are also quite a bit shorter than the original links. That’s because known parts (like Action=StartSurvey) are replaced by placeholders.

This link for example:

http://askia.com/WebProd/cgi-bin/askiaext.dll?Action=StartSurvey&SurveyName=MySurvey

Would be encrypted to something like this:

http://askia.com/WebProd/~O1p1PnpkpSI

A DoExternalPanel link (which is normally quite long), will also be quite a bit shorter. This link for example:

http://BERTR-PC/WebProd/cgi-bin/askiaext.dll?Action=DoExternalPanel&Survey=PAVCAHBAMRSGUAGB&Broker=123&BrokerPanelId=abcdef

Will become something like this:

http://BERTR-PC/WebProd/~9Q6fW1qhe2QV3edpNKJi_Q

Extra parameters are also possible, but the encrypted link gets a bit longer.

This:

http://askia.com/WebProd/cgi-bin/askiaext.dll?Action=StartSurvey&SurveyName=MySurvey&Test1=abc&Test2=123

Will become something like this:

http://askia.com/WebProd/~Q8eKHqMooeHBGuKJ3a5V4Ljz-ztnYw0ac0LdEH!H97k

Which is quite a bit longer than the link above 

Encrypting an URL

To get an encrypted URL you can use AskiaExt as well, using the Action=EncryptLink, and the parameters (the part after the question mark) as the ‘Link’ parameter.
For this request for example:

http://askia.com/WebProd/cgi-bin/askiaext.dll?Action=EncryptLink&Link=Action%3DStartSurvey%26SurveyName%3DMySurvey

You will get a plain text encrypted value back like this:
O1p1PnpkpSI

To use this in a link you have to include the prefix yourself (including a ~ to indicate this is an encrypted link). So in our case we have to start each link with http://askia.com/WebProd/~

Note that you have to URL-encode the link parameter!
So instead of using

                Link=Action=StartSurvey&SurveyName=MySurvey

You have to use

                Link=Action%3DStartSurvey%26SurveyName%3DMySurvey

It’s also possible to use a ‘pretty’ version of this command which doesn’t require URL encoding:

http://askia.com/WebProd/EncryptLink/Action=StartSurvey&SurveyName=MySurvey

Will also return the encrypted value

 

Installation

Enabling this is optional, and not difficult at all.

All this functionality is provided by an embedded ISAPI filter, which allows us to intercept and change URL requests.
Enabling this is as easy as installing the ISAPI filter.

Here’s how:

  • In IIS Manager, go to the WebSite’s configuration (not the server configuration!)
  • Open the ISAPI Filters item (by double-clicking it)
  • Click on ‘add’ in the right-side menu:
  • Enter a name, and the path to AskiaExt.dll:
  • When you click ‘OK’, you’re done! (no IISReset or application pool is necessary) 

Final remarks 

  • You can use the original links, pretty links, and encrypted links concurrently
  • When you install the ISAPI filter (and post/redirect/get is enabled) the browser will always contain the pretty URL once the interview is started (…/WebProd/Interview/JDJSJJSDJ…).
    You can still start/resume new interviews using all three link types.
  • When post/redirect/get is disabled and you start an interview using a pretty link, the browser will show a non-pretty link once the interview is started.
  • Even if an interview is started with an encrypted link, once an interview is started you’ll always see either a pretty link or a regular link.
    We could implement encryption of this link as well if necessary.
  • You can get an error while encrypting a link if the link to encrypt has a length greater than 260 characters. It's because the Http.sys service is coded with default maximum of 260 characters per Url segment. The solution here is to add a regkey on the Webprod server. Key to add:               

                Path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\HTTP\Parameters

                Value: UrlSegmentMaxLength

                Type: Reg_DWORD

                Data: Desired amount. (Max Value is 32766)

Restarting the PC is required after having added this key.

Have more questions? Submit a request

Comments

Related articles