Manual Chapter: Creating an HTTP Request Signature based on a suspicious value in the HTTP header field

Applies To:


BIG-IP FPS

  • 17.1.0, 17.0.0, 16.1.5, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.0

Create an HTTP Request Signature on a header field of the HTTP request if a previous HTTP request carried a value in that header field indicating that malware may have infected the client's PC.
  1. On the Main tab, click Security > Fraud Protection Service > Anti-Fraud Profiles.
    The Anti-Fraud Profiles screen opens.
  2. From the list of profiles, select the relevant profile.
    The Anti-Fraud Profile Properties screen opens.
  3. In the Anti-Fraud Configuration area, click URL List.
    The URL List opens.
  4. In the URL List, click the URL on which you want to create the HTTP Request Signature.
    The URL Properties screen opens.
  5. In the URL Configuration area, select Request Signatures.
    The Request Signatures screen opens.
  6. From the Search In list, select Header and click Add.
    A new row is added to the list of Request Signatures.
  7. In the Header Name field in the row that was added, type the name of the field in the header of the HTTP request in which you want the BIG-IP system to search.
  8. For Search For Value, select one of the following:
    • Any: Select this if any value in the header field is considered suspicious.
    • Contains: Select this and type a value in the text field if there is a specific value that you want the system to search for in the header of the HTTP request.
  9. In the Alert Component column, select an alert category from the list.
    The category you select here determines how the alert will be listed in the FPS Dashboard.
    1. If you select Malware Detection, the Malware List appears. From the Malware list, you can select the name of a user-defined malware.
      This name will appear in alerts that are sent if the system detects that the client's computing device is infected with malware that matches the criteria you define.
  10. Optional: In the Alert Message column, type a message to be displayed in the alert.
  11. Click Save.
    The system saves the HTTP Request Signature settings.
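
An offline pre-check for the Header Name and Search For Value choices in steps 7 and 8, as an added example that is not F5 code. It models Any as header presence and Contains as a case-sensitive substring test (both are assumptions about matching behaviour that this chapter does not state), and the header name `X-Injected` and the sample requests are constructed.

```python
"""Offline model of a Header request signature (added example, not BIG-IP code)."""
from dataclasses import dataclass


@dataclass
class HeaderSignature:
    header_name: str                  # "Header Name" field
    mode: str                         # "Search For Value": "any" or "contains"
    value: str = ""                   # text typed next to Contains
    alert_component: str = "Malware Detection"
    alert_message: str = ""


def parse_headers(raw_request: str) -> list[tuple[str, str]]:
    """Return (name, value) pairs from the head of a raw HTTP/1.x request."""
    head = raw_request.replace("\r\n", "\n").split("\n\n", 1)[0]
    pairs = []
    for line in head.split("\n")[1:]:         # skip the request line
        name, sep, value = line.partition(":")
        if sep:                                # ignore malformed lines
            pairs.append((name.strip(), value.strip()))
    return pairs


def match(sig: HeaderSignature, raw_request: str) -> list[str]:
    """Return the header values that would trigger the signature."""
    hits = []
    for name, value in parse_headers(raw_request):
        # HTTP header field names are case-insensitive (RFC 9110).
        if name.lower() != sig.header_name.lower():
            continue
        # Assumption: "any" fires on presence, "contains" is a
        # case-sensitive substring test. Confirm on your BIG-IP version.
        if sig.mode == "any" or (sig.mode == "contains" and sig.value in value):
            hits.append(value)
    return hits


def evaluate(sig: HeaderSignature, requests: list[str]) -> int:
    """Count how many requests the signature would alert on."""
    return sum(1 for r in requests if match(sig, r))


# Constructed sample traffic; "X-Injected" and its values are made up.
CLEAN = "POST /login HTTP/1.1\r\nHost: bank.example\r\nUser-Agent: Mozilla/5.0\r\n\r\nuser=a"
SUSPECT = ("POST /login HTTP/1.1\r\nHost: bank.example\r\n"
           "x-injected: helper-v2\r\nX-Injected: other\r\n\r\nuser=a")

if __name__ == "__main__":
    narrow = HeaderSignature("X-Injected", "contains", "helper")
    print(evaluate(narrow, [CLEAN, SUSPECT]), match(narrow, SUSPECT))
```

Running a candidate signature over captured clean requests first shows whether Any, or a short Contains value, would also alert on ordinary traffic.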