Manual Chapter : Setting a URL or SPA view to be a login page

Applies To:

Show Versions Show Versions
Manual Chapter

Setting a URL or SPA view to be a login page

Set a URL or Single Page Application (SPA) view in your anti-fraud profile to be a login page if you want to provide anti-fraud protection to a login page on your web site.
If you are creating a mobile security anti-fraud profile, the instructions in this section are not relevant.
  1. On the Main tab, click
    Security
    Fraud Protection Service
    Anti-Fraud Profiles
    .
    The Anti-Fraud Profiles screen opens.
  2. From the list of profiles, select the relevant profile.
    The Anti-Fraud Profile Properties screen opens.
  3. In the Anti-Fraud Configuration area, click
    URL List
    .
    The URL List opens.
  4. Click the URL or view that you want to set as the login page, or click
    Add URL
    (or
    Add View
    ) if you want to create a new URL or view to be a login page.
  5. In the URL Configuration (or View Configuration) area, select
    Parameters
    .
    The Parameters list is displayed.
  6. Click the
    Add
    button.
    The Parameter Settings screen opens.
  7. In the
    Parameter Name
    field, choose one of the following types for the parameter name:
    • Explicit
      : Assign a specific parameter name.
    • Wildcard
      : Assign a wildcard expression for the parameter name. Any parameter name that matches the wildcard expression is considered legal and receives protection. For example, typing the wildcard expression
      *
      specifies that any parameter name is allowed.
    1. If you chose
      Explicit
      , type the parameter name.
    2. If you chose
      Wildcard
      , type the wildcard expression.
      The syntax for wildcard entities is based on shell-style wildcard characters. This following table lists the wildcard characters that you can use so that the entity name matches multiple objects.
      Wildcard character
      Matches
      *
      All characters
      ?
      Any single character
      [abcde]
      Exactly one of the characters listed
      [!abcde]
      Any character not listed
      [a-e]
      Exactly one character in the range
      [!a-e]
      Any character not in the range
      If a wildcard character is actually used as part of a parameter name and you don't want it to be treated as a wildcard character, use
      \
      and then the character to indicate that it should not be used as a wildcard character.
      A regular expression should not be used as part of the wildcard expression for a parameter name.
  8. Select
    Identify as Username
    .
    Only one parameter per URL can have the attribute
    Identify as Username
    .
  9. Click
    Create
    and then
    Back to URL
    (or
    Back to View
    ).
  10. Under URL Configuration (or View Configuration) select
    Login Page Properties
    .
    Configuring the
    Login Page Properties
    is not required but recommended because a login cannot be verified as successful unless at least one of the criteria in the
    Login Page Properties
    is configured.
  11. For the
    URL is Login Page
    setting, select the
    Yes
    check box.
    The Login Page Properties appear.
    If
    URL is Login Page
    is enabled, you must configure at least one of the Login Page Properties. If you configure more than one Login Page Property, then all the criteria for all properties must be fulfilled for the BIG-IP system to consider the login successful.
  12. In the
    A string that should appear in the response body
    field, type a string that should appear in the successful response to the login URL.
  13. In the
    A string that should NOT appear in the response body
    field, type a string that should not appear in the successful response to the login URL.
  14. In the
    Expected HTTP response status code
    field, select
    Specify
    and type the HTTP response status code that the server must return to the user upon successful login, or select
    None
    .
    If you select
    None
    , HTTP response code is not used to determine a successful login.
  15. In the
    Expected response header
    field, type a header name that the successful response to the login URL must match.
  16. In the
    Expected cookie name
    field, type a cookie name that the successful response to the login URL must include.
  17. Click
    Save
    .
    The Login Page and Parameter settings are saved.
If the form action in the HTTP request from the login page does not refer to the login page URL, you need to also configure a post-login URL.