Manual Chapter :
Creating an
HTTP Request Signature
based
on a suspicious value in the HTTP header field
Applies To:
Show VersionsBIG-IP FPS
- 17.1.2, 17.1.1, 17.1.0, 17.0.0, 16.1.5, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.0
Creating an
HTTP Request Signature
based
on a suspicious value in the HTTP header field
Create an
HTTP
Request Signature based on a suspicious value in the header field of
the
HTTP request if you have seen a value in the header field of a previous HTTP request
indicating malware may have infected the client's PC.
- On the Main tab, click.The Anti-Fraud Profiles screen opens.
- From the list of profiles, select the relevant profile.The Anti-Fraud Profile Properties screen opens.
- In the Anti-Fraud Configuration area, clickURL List.The URL List opens.
- In the URL List, click the URL on which you want to create the HTTP Request Signature.The URL Properties screen opens.
- In the URL Configuration area, selectRequest Signatures.The Request Signatures screen opens.
- From theSearch Inlist, selectHeaderand clickAdd.A new row is added to the list of Request Signatures.
- In theHeader Namefield in the row that was added, type the name of the field in the header of the HTTP request in which you want the BIG-IP system to search.
- ForSearch For Value, select one of the following:
- Any: Select this if any value in the header field is considered suspicious.
- Contains: Select this and type a value in the text field if there is a specific value that you want the system to search for in the header of the HTTP request.
- In the Alert Component column, select an alert category from the list.The category you select here determines how the alert will be listed in the FPS Dashboard.
- If you selectMalware Detection, the Malware List appears. From the Malware list, you can select the name of a user-defined malware.This name will appear in alerts that are sent if the system detects that the client's computing device is infected with malware that matches the criteria you define.
- Optional:In the Alert Message column, type a message to be displayed in the alert.
- ClickSave.The system saves the HTTP Request Signature settings.