Manual Chapter : Common elements for anti-fraud profile tasks

Applies To:

Show Versions Show Versions

BIG-IP ASM

  • 15.0.0
Manual Chapter

Common elements for anti-fraud profile tasks

  1. On the Main tab, click
    Security
    Fraud Protection Service
    Anti-Fraud Profiles
    .
    The Anti-Fraud Profiles screen opens.
  2. Click
    Create
    .
    The Anti-Fraud Profile Properties screen opens.
  3. From the list of profiles, select the relevant profile.
    The
    Anti-Fraud
    DataSafe
    Profile Properties screen opens.
  4. From the
    General Configuration
    list, select
    Advanced
    .
    Selecting
    Advanced
    allows you to configure settings for
    URLs are case sensitive
    ,
    Alert Path
    ,
    JavaScript Directory
    , and
    Additional function to be run before JavaScript load
    . If you do not want to configure any of these settings, retain the default setting (
    Basic
    ).
  5. Select
    Advanced
    for the
    General Configuration
    setting.
  6. In the General Settings area of the
    Anti-Fraud
    DataSafe
    Profile Properties screen, click
    Advanced
    .
    The Advanced settings appear.
  7. Select the
    Customize All
    check box.
  8. In the
    Profile Name
    field, type a unique name for the profile.
  9. From the
    Parent Profile
    list, choose which parent profile you want to base your profile on.
    • All undefined properties in the profile you are creating will be inherited from the parent profile. And any future changes to those properties in the parent profile will be automatically inherited by the profile you are creating.
    • The following properties from the parent profile are not inherited: URL properties, user-defined Rules, mobile security properties, and User Enforcement settings.
  10. If your web application is case-sensitive to URLs, do the following:
    1. Click
      Advanced
      under the
      Log Publisher
      field.
      The Advanced settings appear.
    2. For the
      URLs are case sensitive
      setting, select the
      Enabled
      check box.
      • You should enable this setting only if your web application is case-sensitive to URLs.
      • This setting cannot be changed after the initial creation of an anti-fraud profile and does not affect parameters in the Anti-Fraud Profile.
      • This setting does not affect the MobileSafe SDK, where URLs are always case-sensitive.
  11. In the
    Alert Path
    field, use the automatically generated path, or define your own path.
    If you define your own path, ensure that the path is not used by any other field in the anti-fraud profile and that it is not an already existing URL.
  12. In the
    Alert Identifier
    field:
    • For the FPS Alerts Dashboard in the BIG-IQ, type the customer ID that was defined in the dashboard.
    • For the cloud dashboard, type the Alert Identifier provided to you by the SOC.
  13. Leave the
    Additional function to be run before JavaScript load
    field blank unless instructed otherwise by F5.
  14. For the
    JavaScript Directory
    field, use the automatically generated path, or define your own.
    If you define your own path, ensure that the path is not used by any other field in the anti-fraud profile and that it is not an already existing URL.
  15. From the
    Alert Pool
    list, select the alert pool that you previously created.
  16. If you already created a Log Publisher, select it from the
    Log Publisher
    list.
    If you did not create a Log Publisher (
    None
    is currently selected), create one as follows:
    1. Click the icon next to the
      Log Publisher
      list.
      A text box appears.
    2. Type a name for the
      Log Publisher
      in the text box.
  17. For the
    Check PATH_INFO in URL
    field, select the
    Enabled
    check box if you want the URL on this profile to use the
    path_info
    parameter.
    The
    path_info
    parameter protects requested URLs with a trailing path name that follow URLs protected in the URLs List. If
    Check PATH_INFO in URL
    is disabled, the system protects URLs in the URLs List but does not protect URLs with a trailing path name that follow URLs displayed in the URLs List. The default is disabled.
  18. For the
    Trigger iRule Events
    field, select the
    Enabled
    check box if you have written an iRule to handle logins and/or anti-fraud alerts.
    Enable this setting only if you have written an iRule to handle the ANTIFRAUD_ALERT event or the ANTIFRAUD_LOGIN event, and the iRule is associated with the same virtual server that your profile is associated with.
  19. In the URL Properties screen, under URL Configuration, select
    Application Layer Encryption
    .
  20. For
    Application Layer Encryption
    , select the
    Enabled
    check box.
    The Application Layer Encryption configuration options appear.
  21. In the Create New URL screen (or URL Properties screen), click
    Finished
    .
    The Create New Anti-Fraud Profile screen (or Anti-Fraud Profile Properties screen) opens.
  22. Click
    Finished
    in the Create New Anti-Fraud Profile (or Anti-Fraud Profile Properties) screen.
    The anti-fraud profile is created (or updated).
  23. Click
    Save
    .
    The anti-fraud profile is updated with the changes you made.
  24. In the Anti-Fraud Profiles screen, from the list select the profile on which you want to perform advanced configuration.
    The Anti-Fraud Profile Properties screen opens.
  25. In the Anti-Fraud Profiles screen, from the list select the profile on which you want to configure malware detection.
    The Anti-Fraud Profile Properties screen opens.
  26. In the Anti-Fraud Configuration area, click
    Malware Detection
    General Settings
    .
  27. Click
    Advanced
    in the Malware Detection area of the screen.
  28. In the Anti-Fraud Profiles screen, click the mobile security anti-fraud profile in the profiles list.
    The Anti-Fraud Profile Properties screen opens.
  29. In the Anti-Fraud Configuration area, click
    Mobile Security
    .
    The list of Mobile Security configuration options appear.
  30. In the Anti-Fraud Configuration area, click
    User Enforcement
    .
    The User Enforcement screen opens.
  31. Click the
    Add
    button.
    The Add Username with Single Mode pop-up screen opens.
  32. In the Add Username with Single Mode pop-up screen, assign a user name.
  33. Click
    Add
    .
    The system adds the user name to the User Enforcement table.
  34. Optional
    : At
    Auto Refresh
    , choose a time interval for how often the information in the User Enforcement table is refreshed. The default value is
    Disabled
    .
  35. Click
    Save
    .
    The URL configuration settings are saved.
  36. In the Anti-Fraud Profiles screen, from the list select the profile on which you want to assign a system response.
    The Anti-Fraud Profile Properties screen opens.
  37. In the Anti-Fraud Configuration area, click
    Rules
    .
    A list of alert types appears.
  38. In the list of alert types, click the alert type for which you want to define a system response.
    The alert type appears in the Rules area.
  39. In the Rules area, select the
    Enabled
    check box next to the alert type.
  40. If the alert type you selected is generated on the client-side by JavaScript, in the
    Minimum score to perform action
    field type a score between
    0-100
    .
    The
    Minimum score to perform action
    field only appears for alert types that are generated on the client-side by JavaScript.
  41. In the
    Enforcement Policy
    field, select either
    Limited Time
    or
    Unlimited Time
    .
  42. If you selected
    Limited Time
    in the previous step, in the
    Duration
    field, type a time limit (in minutes).
  43. Click
    Save
    .
    The rule is now active.
  44. In the URL Configuration (or View Configuration) area, select
    Parameters
    .
  45. Click the
    Add
    button.
    The Parameter Settings screen opens.
  46. From the list of profiles, select the profile on which you want to configure phishing detection.
    The Anti-Fraud Profile Properties screen opens.
  47. In the Anti-Fraud Configuration area, select
    Advanced
    and then
    Phishing Detection
    .
    The Phishing Detection screen opens.
  48. In the General Settings area of the URL Properties screen, click
    Advanced
    .
    The
    Inject JavaScript
    setting appears.
  49. Select the
    Enabled
    check box for
    Inject JavaScript
    .
  50. Click the
    Add URL
    button.
    The Create New URL screen opens.
  51. In the URL Configuration (or View Configuration) area, select
    Application Layer Encryption
    .
    The Application Layer Encryption settings are displayed.
  52. In the URL Configuration area, select
    Request Signatures
    .
    The Request Signatures screen opens.
  53. In the Alert Component column, select an alert category from the list.
    The category you select here determines how the alert will be listed in the FPS Dashboard.
    1. If you select
      Malware Detection
      , the Malware List appears. From the Malware list, you can select the name of a user-defined malware.
      This name will appear in alerts that are sent if the system detects that the client's computing device is infected with malware that matches the criteria you define.
  54. In the Alert Message column, type a text message to be displayed in the alert.
  55. Click
    Save
    .
    The system saves the HTTP Request Signature settings.
  56. In the
    Anti-Fraud
    DataSafe
    Configuration area, click
    URL List
    .
    The URL List opens.
  57. In the URL List, click the URL on which you want to create the HTTP Request Signature.
    The URL Properties screen opens.
  58. From the list of profiles, select the profile on which you want to configure Automatic Transactions detection.
    The Anti-Fraud Profile Properties screen opens.
  59. Click the URL or view on which you want to configure Automatic Transactions detection (or click
    Add URL
    or
    Add View
    if you want to define a new URL or view with Automatic Transactions detection).
  60. From the list of profiles, select the profile that has the URL on which you want to create an alert.
    The Anti-Fraud Profile Properties screen opens.
  61. From the list of profiles, select the profile on which you want to define a malware type.
    The Anti-Fraud Profile Properties screen opens.
  62. In the Anti-Fraud Configuration area, click
    Malware Detection
    Malware List
    .
    The list of user-defined malware types is displayed.
  63. In the URL Configuration (or View Configuration) area, select
    Malware Detection
    .
    The Malware Detection configuration options appear.
  64. Ensure that the
    Enabled
    check box for
    Malware Detection
    is selected.
  65. In the URL Configuration (or View Configuration) area, select
    Automatic Transactions
    .
    The Automatic Transactions configuration options appear.
  66. Ensure that the
    Enabled
    check box for
    Automatic Transactions
    is selected.
  67. In the parameter row within the table, select
    Obfuscate
    .
  68. Click the
    Clone
    button.
    The Clone URL pop-up screen opens.
  69. In the
    URL Path
    field, type the URL that is referred to in the form action of the HTTP request.
  70. Optional: In the
    Description
    field, type a description for the URL.
  71. If you don’t want
    to encrypt data
    any of the FPS detection features to run
    on the web page of the new URL, disable the
    Inject JavaScript
    setting.
  72. Click the
    Clone
    button in the Clone URL pop-up screen.
    Once the new URL is created, there is no further dependency on the source URL and any future changes made to the source URL are not inherited by the new URL.
  73. On the Main tab, click
    Security
    Data Protection
    BIG-IP DataSafe
    .
    The BIG-IP DataSafe screen opens.
  74. In the
    URL Path
    field, choose one of the following types for the URL path:
    • Explicit
      : Assign a specific URL path.
    • Wildcard
      : Assign a wildcard expression URL. Any URL that matches the wildcard expression is considered legal and will receive protection. For example, typing the wildcard expression
      /*
      specifies that any URL is allowed.
    All URLs must start with a slash (
    /
    ), for both Explicit and Wildcard types.
    1. If you chose
      Explicit
      , type the URL path.
    2. If you chose
      Wildcard
      , type the wildcard expression URL and if you want it to include a query string, select the
      Include Query String
      check box.
      The syntax for wildcard entities is based on shell-style wildcard characters. This following table lists the wildcard characters that you can use so that the entity name matches multiple objects.
      Wildcard character
      Matches
      *
      All characters
      ?
      Any single character
      [abcde]
      Exactly one of the characters listed
      [!abcde]
      Any character not listed
      [a-e]
      Exactly one character in the range
      [!a-e]
      Any character not in the range
      If a wildcard character is actually used as part of a real URL and you don't want it to be treated as a wildcard character, use
      \
      and then the character to indicate that it should not be used as a wildcard character.
      Regular expressions should not be used in Wildcard URLs.
  75. Leave the
    Additional function to be run before JavaScript load
    field blank unless instructed otherwise by F5®.
  76. In the
    Parameter Name
    field, choose one of the following types for the parameter name:
    • Explicit
      : Assign a specific parameter name.
    • Wildcard
      : Assign a wildcard expression for the parameter name. Any parameter name that matches the wildcard expression is considered legal and receives protection. For example, typing the wildcard expression
      *
      specifies that any parameter name is allowed.
    1. If you chose
      Explicit
      , type the parameter name.
    2. If you chose
      Wildcard
      , type the wildcard expression.
      The syntax for wildcard entities is based on shell-style wildcard characters. This following table lists the wildcard characters that you can use so that the entity name matches multiple objects.
      Wildcard character
      Matches
      *
      All characters
      ?
      Any single character
      [abcde]
      Exactly one of the characters listed
      [!abcde]
      Any character not listed
      [a-e]
      Exactly one character in the range
      [!a-e]
      Any character not in the range
      If a wildcard character is actually used as part of a parameter name and you don't want it to be treated as a wildcard character, use
      \
      and then the character to indicate that it should not be used as a wildcard character.
      A regular expression should not be used as part of the wildcard expression for a parameter name.
  77. If you don’t want any of the FPS detection features to run on the web page of the URL for decrypted data, disable the
    Inject JavaScript
    setting.
  78. Optional:
    In the Alert Message column, type a message to be displayed in the alert.