Manual Chapter : Detecting Automatic Transactions on a URL or view

Applies To:

Show Versions Show Versions

BIG-IP FPS

  • 17.1.0, 17.0.0, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.0
Manual Chapter

Detecting Automatic Transactions on a URL or view

Use Automatic Transactions detection to check for the following types of malware activity on the web site of a URL:
  • Automatic (bot) transactions generated by web robots on the web page.
  • Data manipulation in URL parameters.
  • Data manipulation in all AJAX requests
  • Removal of the Transaction Data cookie.
Automatic Transactions detection is typically enabled on only one URL or view per profile.
  1. On the Main tab, click
    Security
    Fraud Protection Service
    Anti-Fraud Profiles
    .
    The Anti-Fraud Profiles screen opens.
  2. From the list of profiles, select the relevant profile.
    The Anti-Fraud Profile Properties screen opens.
  3. In the Anti-Fraud Configuration area, click
    URL List
    .
    The URL List opens.
  4. Click the URL or view on which you want to configure Automatic Transactions detection (or click
    Add URL
    or
    Add View
    if you want to define a new URL or view with Automatic Transactions detection).
  5. In the URL Configuration (or View Configuration) area, select
    Automatic Transactions
    .
    The Automatic Transactions configuration options appear.
  6. Ensure that the
    Enabled
    check box for
    Automatic Transactions
    is selected.
  7. For
    Browser Automation Detection
    , select the
    Enabled
    check box if you want the system to check for non-human control of the web browser.
  8. For
    Check for Security Context Integrity
    , select the
    Enabled
    check box if you want the system to check for removal of the Transaction Data cookie.
  9. Click
    Advanced
    .
  10. If the web page uses a
    Submit
    button that is not tagged as
    <input>
    or
    <button>
    , in the
    Name/CSS syntax field of non-standard submit buttons
    field:
    1. Type the name or CSS syntax of an ID, class, or tag name and precede it with the appropriate character as listed in the following table.
    2. Click
      Add
      .
    For example, for this HTML text:
    <img id="mySubmitId" class="mySubmitClass" name="mySubmitName" />
    , type any one of the following:
    Name/CSS syntax
    Precede it with...
    Example
    id
    #
    #mySubmitId
    class
    .
    .mySubmitClass
    tag name
    no prefix needed
    img
    name
    !
    !mySubmitName
  11. Click
    Save
    .
    The configuration settings for the URL are saved and the Anti-Fraud Profile Properties screen opens.
The BIG-IP system is now set to detect automatic transactions and removal of the Transactions Data cookie on the URL or view, and sends an alert to the FPS Dashboard if such activity is detected.
After configuring automatic transactions detection on the URL or view, you should do one of the following:
  • If the form action in the HTTP request from the web page you created above does not refer to the URL of the web page, you need to also configure a URL for receiving automatic transactions data.
  • Otherwise, you should configure data manipulation detection on the URL or view.