Manual Chapter : Alert types that can trigger automated system responses
Applies To:Show Versions
- 17.1.0, 17.0.0, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.0
Alert types that can trigger automated system responses
In the Rules area of the Anti-Fraud Profile Properties screen, there are 13 alert types that you can select for triggering automated system responses. The tables in this section describe the various alerts that correspond to these 13 alert types.
Created when bait strings in the HTML of the client's browser wake up Trojan malware.
Detection of disabled enter key
Created when an Ajax request is sent to a domain that is not in the whitelist.
Created when a resource is requested from a domain not in the whitelist. In addition to the standard alert information, this alert contains a field called
Min, which shows the forbidden added HTML element and its contents in a URI encoded base-64 format.
Created when the system detects a self-removing malicious script on a web page.
Detection of matched URL patterns
Created if the system detects a match between a URL pattern in an AJAX request from the client and a URL pattern entered in the BIG-IP system when configuring a user-defined malware type.
Detection of matched SRC patterns
Created if the system detects a match between a SRC pattern in an external script from the client's web browser and a SRC pattern entered in the BIG-IP system when configuring a user-defined malware type.
Detection of malware's function names
Created if the system detects a malware function name in an AJAX request from a web page in the anti-fraud profile.
Self Bait External
Created when FPS Removed Scripts detection identifies an external script that was removed from the web page.
Same Domain Script Validation
Created when a script from the same domain as the protected web site is served by a malicious server.
Created when a phishing victim enters user credentials onto a phishing web site. The user name that appears in the alert is the user name that was entered into the phishing site.
Created when a Remote Access Trojan is detected.
Xtreme RAT Detected
Created when XtremeRAT malware is detected on a web page configured for FPS detection.
Created when text that was configured to always be visible is missing or hidden.
Client Network Connection
Created when the user's internet access to important domains appears restricted.
Client Side Missing Components
Config not loaded
Created when FPS configurations can not be parsed.
Created when the compulsory FPS cookie is missing despite FPS successfully creating the cookie.
Secure Alert Check Failed
This is a test alert used to check that alerts are properly sent from the client to the plugin.
Created if there is an unexpected number of HTML tags on the web page of the URL.
Deferred Execution Detected
Self Bait Inline
Created when FPS Removed Scripts detection identifies an inline script that was removed from the web page.
Created when the system detects that a user was referred to the real site from a suspicious source.
Server Side Missing Components
Created when the compulsory FPS cookie is missing.
Cmp check error
Created when one of the FPS client-side components did not complete successfully. This may indicate a dedicated malware attack.
Created when the compulsory FPS cookie does not match the web page that was viewed.
Got real password
Created when FPS receives unencrypted data that was supposed to be encrypted.
Wrong input size
Created when the actual size of the encrypted data does not match the expected size.
Created when secure channel decryption fails.
Created when the lifetime of the encrypted value was exceeded. This lifetime can be configured in the BIG-IP system (4 hours by default).
Created when encryption has failed for this user in the past and is now disabled.
Too long value
Created when the length of the encrypted parameter is too long to decrypt.
- Failed to extract
- Append buff failed
- Unseal len failed
- RSA retrieve failed
- Binary from hex failed
- RSA init failed
- RSA init padding failed
- RSA decrypt failed
- Binary from Hex Symmetric Key Failed
- Init symmetric key failed
Created when the expected cookie is missing or corrupted.
Created when the system detects that post-data has been modified after it was submitted.
Created when the system detects an automatic transaction on a web page.
Parameter too long
Created when at least one of the parameter values is too long to be checked by the data integrity module.