Manual Chapter : Creating an HTTP Request Signature based on a suspicious value in the payload of the HTTP request

Applies To:

Show Versions Show Versions

BIG-IP FPS

  • 17.1.0, 17.0.0, 16.1.5, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.0
Manual Chapter

Creating an HTTP Request Signature based on a suspicious value in the payload of the HTTP request

Create an HTTP Request Signature based on a suspicious value in the payload of an HTTP request if you have seen a value in the payload of a previous HTTP request indicating malware may have infected the client's PC.
  1. On the Main tab, click
    Security
    Fraud Protection Service
    Anti-Fraud Profiles
    .
    The Anti-Fraud Profiles screen opens.
  2. From the list of profiles, select the relevant profile.
    The Anti-Fraud Profile Properties screen opens.
  3. In the Anti-Fraud Configuration area, click
    URL List
    .
    The URL List opens.
  4. In the URL List, click the URL on which you want to create the HTTP Request Signature.
    The URL Properties screen opens.
  5. In the URL Configuration area, select
    Request Signatures
    .
    The Request Signatures screen opens.
  6. From the
    Search In
    list, select
    Payload
    and click
    Add
    .
    A new row is added to the list of Request Signatures.
  7. For
    Search For Value
    , select one of the following:
    • Any
      : Select this if any value in the payload is considered suspicious.
    • Contains
      : Select this and type a value in the text field if there is a specific value that you want the system to search for in the payload of the HTTP request.
  8. In the Alert Component column, select an alert category from the list.
    The category you select here determines how the alert will be listed in the FPS Dashboard.
    1. If you select
      Malware Detection
      , the Malware List appears. From the Malware list, you can select the name of a user-defined malware.
      This name will appear in alerts that are sent if the system detects that the client's computing device is infected with malware that matches the criteria you define.
  9. Optional:
    In the Alert Message column, type a message to be displayed in the alert.
  10. Click
    Save
    .
    The system saves the HTTP Request Signature settings.