F5 Logo MyF5
Search
  1. MyF5 Home
  2. F5 Fraud Protection Service: BIG-IP Configuration
  3. Adding Fraud Protection to the BIG-IP System
  4. Overview: Adding F5 Fraud Protection Service to the BIG-IP system
  5. Creating an initial anti-fraud Profile
  6. Defining URLs in the profile
Manual Chapter : Defining URLs in the profile

Applies To:

Show Versions Show Versions

BIG-IP FPS

  • 17.5.0, 17.1.2, 17.1.1, 17.1.0, 17.0.0, 16.1.5, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.0
Manual Chapter
Creating an initial anti-fraud Profile
Overview: Creating an initial profile
Configuring general properties for an anti-fraud profile
Defining URLs in the profile
Setting a URL or SPA view to be a login page
Configuring a post-login URL

Defining URLs in the profile

Define URLs in your
anti-fraud
 profile to ensure proper protection of your web site.
If you are creating a mobile security anti-fraud profile, the instructions in this section are not relevant.
  1. On the Main tab, click
    Security
    Fraud Protection Service
    Anti-Fraud Profiles
    .
    The Anti-Fraud Profiles screen opens.
  2. From the list of profiles, select the profile on which you want to define a URL.
    The
    Anti-Fraud
     Profile Properties screen opens.
  3. In the Anti-Fraud Configuration area, click
    URL List
    .
    The URL List opens.
  4. Click the
    Add URL
     button.
    The Create New URL screen opens.
  5. In the
    URL Path
     field, choose one of the following types for the URL path:
    • Explicit
      : Assign a specific URL path.
    • Wildcard
      : Assign a wildcard expression URL. Any URL that matches the wildcard expression is considered legal and will receive protection. For example, typing the wildcard expression
      /*
       specifies that any URL is allowed.
    All URLs must start with a slash (
    /
    ), for both Explicit and Wildcard types.
    1. If you chose
      Explicit
      , type the URL path.
    2. If you chose
      Wildcard
      , type the wildcard expression URL and if you want it to include a query string, select the
      Include Query String
       check box.
      The syntax for wildcard entities is based on shell-style wildcard characters. This following table lists the wildcard characters that you can use so that the entity name matches multiple objects.
      Wildcard character
      Matches
      *
      All characters
      ?
      Any single character
      [abcde]
      Exactly one of the characters listed
      [!abcde]
      Any character not listed
      [a-e]
      Exactly one character in the range
      [!a-e]
      Any character not in the range
      If a wildcard character is actually used as part of a real URL and you don't want it to be treated as a wildcard character, use
      \
       and then the character to indicate that it should not be used as a wildcard character.
      Regular expressions should not be used in Wildcard URLs.
  6. For Application Type, ensure that
    Web
     is selected (selected by default).
  7. Click
    Advanced
    .
  8. If you want the
    FPS
     Main JavaScript to run on the web page of the URL, select the
    Enabled
     check box for
    Inject Main JavaScript
     (selected by default).
    When this setting is enabled, the
    FPS
     Main JavaScript also runs on all SPA views on this URL that are configured in the profile.
    • The
      FPS
       Main JavaScript protects web applications with the content types
      text/html
       and
      application/xhtml+xml
      . If your web application is based on a different content type, you cannot apply the
      FPS
       Main JavaScript protection on it.
    • Inject Main JavaScript
       can be disabled for web pages that do not require fraud protection and only receive data from a protected page.
    • If Malware Detection and Phishing Detection are enabled on the URL and then
      Inject Main JavaScript
       is disabled, Malware Detection and Phishing Detection will also be disabled but Request Signatures are still active.
  9. If you want to change the default location where the
    FPS
     Main JavaScript is injected in the URL's web page, at
    Location of Main JavaScript Injection
    , do the following:
    • Select a position for the Main JavaScript (either before or after the tag you define).
    • In the
      Tag
       field, type the tag for determining where the Main JavaScript is placed.
    The
    FPS
     Main JavaScript must be injected into the web page HTML before the CSS Element.
  10. If you want to change the default location of the Disabled JavaScript Detection Tag, at
    Location of Disabled JavaScript Detection Tag
     do the following:
    • Select a position for the Disabled JavaScript Detection Tag (either before or after the tag you define).
    • In the
      Tag
       field, type the tag for determining where the Disabled JavaScript Detection Tag is placed.
    The Disabled JavaScript Detection Tag detects if JavaScript has been disabled in your web browser.
    • For Internet Explorer browsers 9.0 and later versions, Disabled JavaScript Detection is not supported if the content type of your web application response is
      xhtml
      .
    • For web browsers other than Internet Explorer, if the content type of your web application response is
      xhtml
       you must use the default settings
      After
       and
      body
      .
  11. Leave the
    Additional function to be run before JavaScript load
     field blank unless instructed otherwise by F5.
  12. Click
    Create
     to save your initial URL settings.
Contact Support Contact Support

Have a Question?

Support and Sales >

About F5

Education

F5 Sites

Support Tasks




©2023 F5, Inc. All rights reserved.


Trademarks Policies Privacy California Privacy Do Not Sell My Personal Information Cookie Preferences