Encrypt Telerik WebResource Querystring
You can choose to encrypt the querystring parameters that the Telerik WebResource request has in order to make them unreadable for a third party inspecting the network traffic as of Q3 2015.
This feature affects RadScriptManager and RadStyleSheetManager, and the Telerik.Web.UI.WebResoruce.axd handler.
<appSettings>
<add key="Telerik.ScriptManager.EnableHandlerEncryption" value="true"/>
</appSettings>
You must also ensure that the encrypted URL will not be trimmed which will break the request.
. . . .
<httpRuntime maxRequestLength="204800" executionTimeout="36000" maxQueryStringLength="4096"/>
. . . .
<security>
<requestFiltering>
<requestLimits maxAllowedContentLength="209715200" maxQueryString="4096" maxUrl="4096" />
</requestFiltering>
</security>
See Also
Here is the whole web.config file:
<?xml version="1.0"?>
<configuration>
<appSettings>
<add key="Telerik.ScriptManager.EnableHandlerEncryption" value="true"/>
<add key="Telerik.Skin" value="Bootstrap" />
<add key="Telerik.ScriptManager.TelerikCdn" value="Disabled" />
<add key="Telerik.StyleSheetManager.TelerikCdn" value="Disabled" />
<add key="Telerik.Web.UI.RenderMode" value="lightweight" />
</appSettings>
<system.web>
<compilation debug="false" targetFramework="4.8.1" />
<httpRuntime targetFramework="4.8.1" maxRequestLength="204800" executionTimeout="36000" maxQueryStringLength="4096"/>
<pages>
<controls>
<add tagPrefix="telerik" namespace="Telerik.Web.UI" assembly="Telerik.Web.UI" />
</controls>
</pages>
<httpHandlers>
<add path="ChartImage.axd" type="Telerik.Web.UI.ChartHttpHandler" verb="*" validate="false" />
<add path="Telerik.Web.UI.SpellCheckHandler.axd" type="Telerik.Web.UI.SpellCheckHandler" verb="*" validate="false" />
<add path="Telerik.Web.UI.DialogHandler.aspx" type="Telerik.Web.UI.DialogHandler" verb="*" validate="false" />
<add path="Telerik.RadUploadProgressHandler.ashx" type="Telerik.Web.UI.RadUploadProgressHandler" verb="*" validate="false" />
<add path="Telerik.Web.UI.WebResource.axd" type="Telerik.Web.UI.WebResource" verb="*" validate="false" />
</httpHandlers>
</system.web>
<system.webServer>
<security>
<requestFiltering>
<requestLimits maxAllowedContentLength="209715200" maxQueryString="4096" maxUrl="4096" />
</requestFiltering>
</security>
<validation validateIntegratedModeConfiguration="false" />
<handlers>
<remove name="ChartImage_axd" />
<add name="ChartImage_axd" path="ChartImage.axd" type="Telerik.Web.UI.ChartHttpHandler" verb="*" preCondition="integratedMode" />
<remove name="Telerik_Web_UI_SpellCheckHandler_axd" />
<add name="Telerik_Web_UI_SpellCheckHandler_axd" path="Telerik.Web.UI.SpellCheckHandler.axd" type="Telerik.Web.UI.SpellCheckHandler" verb="*" preCondition="integratedMode" />
<remove name="Telerik_Web_UI_DialogHandler_aspx" />
<add name="Telerik_Web_UI_DialogHandler_aspx" path="Telerik.Web.UI.DialogHandler.aspx" type="Telerik.Web.UI.DialogHandler" verb="*" preCondition="integratedMode" />
<remove name="Telerik_RadUploadProgressHandler_ashx" />
<add name="Telerik_RadUploadProgressHandler_ashx" path="Telerik.RadUploadProgressHandler.ashx" type="Telerik.Web.UI.RadUploadProgressHandler" verb="*" preCondition="integratedMode" />
<remove name="Telerik_Web_UI_WebResource_axd" />
<add name="Telerik_Web_UI_WebResource_axd" path="Telerik.Web.UI.WebResource.axd" type="Telerik.Web.UI.WebResource" verb="*" preCondition="integratedMode" />
</handlers>
</system.webServer>
</configuration>
You can find more information in the Security article and Setting the web.config File articles.