Manual Chapter: Common elements for anti-fraud profile tasks
Applies To: BIG-IP APM
- 15.0.0, 14.1.5, 14.1.4, 14.1.3, 14.1.2, 14.1.0
- On the Main tab, click. The Anti-Fraud Profiles screen opens.
- Click Create. The Anti-Fraud Profile Properties screen opens.
- From the list of profiles, select the relevant profile. The Anti-Fraud (or DataSafe) Profile Properties screen opens.
- From the General Configuration list, select Advanced. Selecting Advanced allows you to configure settings for URLs are case sensitive, Alert Path, JavaScript Directory, and Additional function to be run before JavaScript load. If you do not want to configure any of these settings, retain the default setting (Basic).
- Select Advanced for the General Configuration setting.
- In the General Settings area of the Anti-Fraud Profile Properties screen, click Advanced. The Advanced settings appear.
- Select the Customize All check box.
- In the Profile Name field, type a unique name for the profile.
- From the Parent Profile list, choose which parent profile you want to base your profile on.
  - All undefined properties in the profile you are creating will be inherited from the parent profile, and any future changes to those properties in the parent profile will be automatically inherited by the profile you are creating.
  - The following properties from the parent profile are not inherited: URL properties, user-defined Rules, mobile security properties, and User Enforcement settings.
- If your web application is case-sensitive to URLs, do the following:
  - Click Advanced under the Log Publisher field. The Advanced settings appear.
  - For the URLs are case sensitive setting, select the Enabled check box.
  - You should enable this setting only if your web application is case-sensitive to URLs.
  - This setting cannot be changed after the initial creation of an anti-fraud profile and does not affect parameters in the Anti-Fraud Profile.
  - This setting does not affect the MobileSafe SDK, where URLs are always case-sensitive.
- In the Alert Path field, use the automatically generated path, or define your own path. If you define your own path, ensure that the path is not used by any other field in the anti-fraud profile and that it is not an already existing URL.
- In the Alert Identifier field:
  - For an on-premise dashboard, type the customer ID that was defined in the dashboard.
  - For the cloud dashboard, type the Alert Identifier provided to you by the SOC.
- Leave the Additional function to be run before JavaScript load field blank unless instructed otherwise by F5.
- For the JavaScript Directory field, use the automatically generated path, or define your own. If you define your own path, ensure that the path is not used by any other field in the anti-fraud profile and that it is not an already existing URL.
- From the Alert Pool list, select the alert pool that you previously created.
- If you already created a Log Publisher, select it from the Log Publisher list. If you did not create a Log Publisher (None is currently selected), create one as follows:
  - Click the icon next to the Log Publisher list. A text box appears.
  - Type a name for the Log Publisher in the text box.
- For the Check PATH_INFO in URL field, select the Enabled check box if you want the URL on this profile to use the path_info parameter. The path_info parameter protects requested URLs with a trailing path name that follow URLs protected in the URLs List. If Check PATH_INFO in URL is disabled, the system protects URLs in the URLs List but does not protect URLs with a trailing path name that follow URLs displayed in the URLs List. The default is disabled.
- For the Trigger iRule Events field, select the Enabled check box if you have written an iRule to handle logins and/or anti-fraud alerts. Enable this setting only if you have written an iRule to handle the ANTIFRAUD_ALERT event or the ANTIFRAUD_LOGIN event, and the iRule is associated with the same virtual server that your profile is associated with.
- In the URL Properties screen, under URL Configuration, select Application Layer Encryption.
- For Application Layer Encryption, select the Enabled check box. The Application Layer Encryption configuration options appear.
- In the Create New URL screen (or URL Properties screen), click Finished. The Create New Anti-Fraud Profile screen (or Anti-Fraud Profile Properties screen) opens.
- Click Finished in the Create New Anti-Fraud Profile (or Anti-Fraud Profile Properties) screen. The anti-fraud profile is created (or updated).
- Click Save. The anti-fraud profile is updated with the changes you made.
- In the Anti-Fraud Profiles screen, from the list select the profile on which you want to perform advanced configuration. The Anti-Fraud Profile Properties screen opens.
- In the Anti-Fraud Profiles screen, from the list select the profile on which you want to configure malware detection. The Anti-Fraud Profile Properties screen opens.
- In the Anti-Fraud Configuration area, click.
- Click Advanced in the Malware Detection area of the screen.
- In the Anti-Fraud Profiles screen, click the mobile security anti-fraud profile in the profiles list. The Anti-Fraud Profile Properties screen opens.
- In the Anti-Fraud Configuration area, click Mobile Security. The list of Mobile Security configuration options appears.
- In the Anti-Fraud Configuration area, click User Enforcement. The User Enforcement screen opens.
- Click the Add button. The Add Username with Single Mode pop-up screen opens.
- In the Add Username with Single Mode pop-up screen, assign a user name.
- Click Add. The system adds the user name to the User Enforcement table.
- Optional: At Auto Refresh, choose a time interval for how often the information in the User Enforcement table is refreshed. The default value is Disabled.
- Click Save. The URL configuration settings are saved.
- In the Anti-Fraud Profiles screen, from the list select the profile on which you want to assign a system response. The Anti-Fraud Profile Properties screen opens.
- In the Anti-Fraud Configuration area, click Rules. A list of alert types appears.
- In the list of alert types, click the alert type for which you want to define a system response. The alert type appears in the Rules area.
- In the Rules area, select the Enabled check box next to the alert type.
- If the alert type you selected is generated on the client-side by JavaScript, in the Minimum score to perform action field type a score between 0-100. The Minimum score to perform action field only appears for alert types that are generated on the client-side by JavaScript.
- In the Enforcement Policy field, select either Limited Time or Unlimited Time.
- If you selected Limited Time in the previous step, in the Duration field, type a time limit (in minutes).
- Click Save. The rule is now active.
- In the URL Configuration (or View Configuration) area, select Parameters.
- Click the Add button. The Parameter Settings screen opens.
- From the list of profiles, select the profile on which you want to configure phishing detection. The Anti-Fraud Profile Properties screen opens.
- In the Anti-Fraud Configuration area, select Advanced and then Phishing Detection. The Phishing Detection screen opens.
- In the General Settings area of the URL Properties screen, click Advanced. The Inject JavaScript setting appears.
- Select the Enabled check box for Inject JavaScript.
- Click the Add URL button. The Create New URL screen opens.
- In the URL Configuration (or View Configuration) area, select Application Layer Encryption. The Application Layer Encryption settings are displayed.
- In the URL Configuration area, select User-Defined Alerts. The User Defined Alerts screen opens.
- In the Alert Component column, select an alert category from the list. The category you select here determines how the alert will be listed in the FPS Dashboard.
- If you select Malware Detection, the Malware List appears. From the Malware list, you can select the name of a user-defined malware. This name will appear in alerts that are sent if the system detects that the client's computing device is infected with malware that matches the criteria you define.
- In the Alert Message column, type a text message to be displayed in the alert.
- Click Save. The system saves the alert settings.
- In the Anti-Fraud (or DataSafe) Configuration area, click URL List. The URL List opens.
- In the URL List, click the URL on which you want to create an alert. The URL Properties screen opens.
- From the list of profiles, select the profile on which you want to configure Automatic Transactions detection. The Anti-Fraud Profile Properties screen opens.
- Click the URL or view on which you want to configure Automatic Transactions detection (or click Add URL or Add View if you want to define a new URL or view with Automatic Transactions detection).
- From the list of profiles, select the profile that has the URL on which you want to create an alert. The Anti-Fraud Profile Properties screen opens.
- From the list of profiles, select the profile on which you want to define a malware type. The Anti-Fraud Profile Properties screen opens.
- In the Anti-Fraud Configuration area, click. The list of user-defined malware types is displayed.
- In the URL Configuration (or View Configuration) area, select Malware Detection. The Malware Detection configuration options appear.
- Ensure that the Enabled check box for Malware Detection is selected.
- In the URL Configuration (or View Configuration) area, select Automatic Transactions. The Automatic Transactions configuration options appear.
- Ensure that the Enabled check box for Automatic Transactions is selected.
- In the parameter row within the table, select Obfuscate.
- Click the Clone button. The Clone URL pop-up screen opens.
- In the URL Path field, type the URL that is referred to in the form action of the HTTP request.
- Optional: In the Description field, type a description for the URL.
- If you don’t want to encrypt data, or don’t want any of the FPS detection features to run, on the web page of the new URL, disable the Inject JavaScript setting.
- Click the Clone button in the Clone URL pop-up screen. Once the new URL is created, there is no further dependency on the source URL and any future changes made to the source URL are not inherited by the new URL.
- On the Main tab, click. The DataSafe Profiles screen opens.
- In the URL Path field, choose one of the following types for the URL path:
  - Explicit: Assign a specific URL path.
  - Wildcard: Assign a wildcard expression URL. Any URL that matches the wildcard expression is considered legal and will receive protection. For example, typing the wildcard expression /* specifies that any URL is allowed.

  All URLs must start with a slash (/), for both Explicit and Wildcard types.
- If you chose Explicit, type the URL path.
- If you chose Wildcard, type the wildcard expression URL and if you want it to include a query string, select the Include Query String check box. The syntax for wildcard entities is based on shell-style wildcard characters. The following table lists the wildcard characters that you can use so that the entity name matches multiple objects.

  | Wildcard character | Matches |
  | --- | --- |
  | * | All characters |
  | ? | Any single character |
  | [abcde] | Exactly one of the characters listed |
  | [!abcde] | Any character not listed |
  | [a-e] | Exactly one character in the range |
  | [!a-e] | Any character not in the range |

  If a wildcard character is actually used as part of a real URL and you don't want it to be treated as a wildcard character, use \ and then the character to indicate that it should not be used as a wildcard character. Regular expressions should not be used in Wildcard URLs.
- Leave the Additional function to be run before JavaScript load field blank unless instructed otherwise by F5.
- In the Parameter Name field, choose one of the following types for the parameter name:
  - Explicit: Assign a specific parameter name.
  - Wildcard: Assign a wildcard expression for the parameter name. Any parameter name that matches the wildcard expression is considered legal and receives protection. For example, typing the wildcard expression * specifies that any parameter name is allowed.
- If you chose Explicit, type the parameter name.
- If you chose Wildcard, type the wildcard expression. The syntax for wildcard entities is based on shell-style wildcard characters. The following table lists the wildcard characters that you can use so that the entity name matches multiple objects.

  | Wildcard character | Matches |
  | --- | --- |
  | * | All characters |
  | ? | Any single character |
  | [abcde] | Exactly one of the characters listed |
  | [!abcde] | Any character not listed |
  | [a-e] | Exactly one character in the range |
  | [!a-e] | Any character not in the range |

  If a wildcard character is actually used as part of a parameter name and you don't want it to be treated as a wildcard character, use \ and then the character to indicate that it should not be used as a wildcard character. A regular expression should not be used as part of the wildcard expression for a parameter name.
- If you don’t want any of the FPS detection features to run on the web page of the URL for decrypted data, disable the Inject JavaScript setting.
- Optional: In the Alert Message column, type a message to be displayed in the alert.
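
The wildcard syntax described above for wildcard URLs and wildcard parameter names can be checked offline to see which requested paths a URL list leaves uncovered. This is an added example, not F5 code: it implements only the syntax in the wildcard table, and the function names, the case_sensitive parameter (modelled on the URLs are case sensitive setting) and the sample data are assumptions, so the matching done by BIG-IP itself may differ in details.

```python
import re

def wildcard_to_regex(pattern, case_sensitive=False):
    """Compile a wildcard expression (syntax from the wildcard table) to a regex."""
    out, i = [], 0
    while i < len(pattern):
        ch = pattern[i]
        if ch == "\\" and i + 1 < len(pattern):
            out.append(re.escape(pattern[i + 1]))  # \x: x is literal, not a wildcard
            i += 2
            continue
        if ch == "[":
            end = pattern.find("]", i + 1)
            body = pattern[i + 1:end] if end != -1 else ""
            negate = body.startswith("!")
            members = body[1:] if negate else body
            if members:  # [abcde], [!abcde], [a-e], [!a-e]
                members = re.sub(r"([\\^\[])", r"\\\1", members)
                out.append("[" + ("^" if negate else "") + members + "]")
                i = end + 1
                continue
        if ch == "*":
            out.append(".*")  # all characters, '/' included
        elif ch == "?":
            out.append(".")  # any single character
        else:
            out.append(re.escape(ch))  # literal (also an unclosed or empty '[')
        i += 1
    # Assumption: case-insensitive unless the profile was created case-sensitive.
    flags = re.DOTALL | (0 if case_sensitive else re.IGNORECASE)
    return re.compile("".join(out), flags)

def unmatched_paths(url_patterns, paths, case_sensitive=False):
    """Return the paths that no wildcard URL in the list matches."""
    for p in url_patterns:
        if not p.startswith("/"):  # all URLs must start with a slash
            raise ValueError("URL must start with a slash: %r" % p)
    compiled = [wildcard_to_regex(p, case_sensitive) for p in url_patterns]
    return [p for p in paths if not any(rx.fullmatch(p) for rx in compiled)]

# Constructed sample data, not taken from any real profile.
URL_LIST = ["/login.php", "/app/*/transfer", "/report[0-9].jsp", "/img/\\*.png"]
REQUESTED = ["/Login.php", "/app/eu/retail/transfer", "/report7.jsp",
             "/reportX.jsp", "/img/*.png", "/img/logo.png", "/login.php/extra"]

if __name__ == "__main__":
    print(unmatched_paths(URL_LIST, REQUESTED))
    print(unmatched_paths(URL_LIST, REQUESTED, case_sensitive=True))
```

In the sample, /login.php/extra stays unmatched because the entry /login.php has no wildcard; this is the trailing-path case that the Check PATH_INFO in URL setting addresses.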