Manual Chapter :
Creating an HTTP Request Signature based on a suspicious value in
the payload of the HTTP request
Applies To:
Show VersionsBIG-IP FPS
- 17.1.0, 17.0.0, 16.1.5, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.0
Creating an HTTP Request Signature based on a suspicious value in
the payload of the HTTP request
Create an HTTP Request Signature based on a
suspicious value in the payload of an HTTP request if you have seen a value in the
payload of a previous HTTP request indicating malware may have infected the client's
PC.
- On the Main tab, click.The Anti-Fraud Profiles screen opens.
- From the list of profiles, select the relevant profile.The Anti-Fraud Profile Properties screen opens.
- In the Anti-Fraud Configuration area, clickURL List.The URL List opens.
- In the URL List, click the URL on which you want to create the HTTP Request Signature.The URL Properties screen opens.
- In the URL Configuration area, selectRequest Signatures.The Request Signatures screen opens.
- From theSearch Inlist, selectPayloadand clickAdd.A new row is added to the list of Request Signatures.
- ForSearch For Value, select one of the following:
- Any: Select this if any value in the payload is considered suspicious.
- Contains: Select this and type a value in the text field if there is a specific value that you want the system to search for in the payload of the HTTP request.
- In the Alert Component column, select an alert category from the list.The category you select here determines how the alert will be listed in the FPS Dashboard.
- If you selectMalware Detection, the Malware List appears. From the Malware list, you can select the name of a user-defined malware.This name will appear in alerts that are sent if the system detects that the client's computing device is infected with malware that matches the criteria you define.
- Optional:In the Alert Message column, type a message to be displayed in the alert.
- ClickSave.The system saves the HTTP Request Signature settings.