<a href="https://www.google.com" target="blank" class="button"> will be transformed to
<a id="fwb_4069875712" target="blank" class="button"> so that the crawlers can't recognize it. When the link is loaded in the client's browser, it will be re-converted to the original link.
Link cloaking supports processing the following link tags: <a>, <form>, <img>, <link>, and <object>.
FortiWeb has a similar feature which processes URL links, that is, URL Encryption. URL Encryption doesn't deal with the link tags, instead, it encrypts the link itself. For example,
<a href="HTTPS://example/login"> will be transformed to
<a href="EncryptedCode"> by URL Encryption. It can't prevent the links from being scanned by web crawlers because the link tag
href is still there.
To configure a link cloaking rule:
- Go to Web Protection > Advanced Protection > Link Cloaking.
- Select Link Cloaking Rule.
- Configure the following settings.
Name Enter a name for the rule. Host Status Enable to require that the
Host:field of the HTTP request matches a protected host name entry in order to match the link cloaking rule.
Host Select the protected host names entry (either a web host name or a IP address) that the
Host:field of the HTTP request must be in to match the rule.
Select whether the URL Pattern field must contain either:
Simple String—The field is a string that the request URL must match exactly.
Regular Expression—The field is a regular expression that defines a set of matching URLs.
Depending on your selection in Type, enter either:
- The literal URL, such as
/folder1/index.htmthat the HTTP request must contain in order to match the rule, or use wildcards to match multiple URLs, such as
/folder1/*/index.htm. The URL must begin with a slash (
- A regular expression, such as
^/*.php. This pattern does not require beginning with a slash ( / ); however, it must match URLs that begin with a slash.
Do not include the domain name, such as
www.example.com, which is configured separately in the Host drop-down list.
To create and test a regular expression, click the >> (test) icon. This opens the Regular Expression Validator window where you can fine-tune the expression. For details, see Regular expression syntax.
- Click OK.
- If you want to exclude certain links from Link Cloaking, click Create New to add it in the Exception List. Then type a literal URL or use regular expression to match multiple URLs.
To configure a Link Cloaking policy:
- Go to Web Protection > Advanced Protection > Link Cloaking
- Select Link Cloaking Policy.
- Enter a name for the Link Cloaking policy.
- Click OK.
- Click Create New to add Link Cloaking rules in the policy.
- Select the Link Cloaking rule.
- Click OK.
To use this policy, you need to refer it in a web protection profile.