F5 Logo MyF5
Search
  1. MyF5 Home
  2. F5 Fraud Protection Service: BIG-IP Configuration
  3. Creating HTTP Request Signatures
  4. Overview: Creating HTTP Request Signatures
  5. Creating an HTTP Request Signature based on a suspicious value in the HTTP header field
Manual Chapter : Creating an HTTP Request Signature based on a suspicious value in the HTTP header field

Applies To:

Show Versions Show Versions

BIG-IP FPS

  • 17.1.0, 17.0.0, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.0
Manual Chapter

Creating an HTTP Request Signature based on a suspicious value in the HTTP header field

Create an HTTP Request Signature based on a suspicious value in the header field of the HTTP request if you have seen a value in the header field of a previous HTTP request indicating malware may have infected the client's PC.
  1. On the Main tab, click
    Security
    Fraud Protection Service
    Anti-Fraud Profiles
    .
    The Anti-Fraud Profiles screen opens.
  2. From the list of profiles, select the relevant profile.
    The Anti-Fraud Profile Properties screen opens.
  3. In the Anti-Fraud Configuration area, click
    URL List
    .
    The URL List opens.
  4. In the URL List, click the URL on which you want to create the HTTP Request Signature.
    The URL Properties screen opens.
  5. In the URL Configuration area, select
    Request Signatures
    .
    The Request Signatures screen opens.
  6. From the
    Search In
     list, select
    Header
     and click
    Add
    .
    A new row is added to the list of Request Signatures.
  7. In the
    Header Name
     field in the row that was added, type the name of the field in the header of the HTTP request in which you want the BIG-IP system to search.
  8. For
    Search For Value
    , select one of the following:
    • Any
      : Select this if any value in the header field is considered suspicious.
    • Contains
      : Select this and type a value in the text field if there is a specific value that you want the system to search for in the header of the HTTP request.
  9. In the Alert Component column, select an alert category from the list.
    The category you select here determines how the alert will be listed in the FPS Dashboard.
    1. If you select
      Malware Detection
      , the Malware List appears. From the Malware list, you can select the name of a user-defined malware.
      This name will appear in alerts that are sent if the system detects that the client's computing device is infected with malware that matches the criteria you define.
  10. Optional:
     In the Alert Message column, type a message to be displayed in the alert.
  11. Click
    Save
    .
    The system saves the HTTP Request Signature settings.
Contact Support Contact Support

Have a Question?

Support and Sales >

About F5

Education

F5 Sites

Support Tasks




©2023 F5, Inc. All rights reserved.


Trademarks Policies Privacy California Privacy Do Not Sell My Personal Information