F5 Logo MyF5
Search
  1. MyF5 Home
  2. F5 Fraud Protection Service: BIG-IP Configuration
  3. Detecting Automatic Transactions
  4. Overview: Detecting Automatic Transactions
  5. Detecting Automatic Transactions on a URL or view
Manual Chapter : Detecting Automatic Transactions on a URL or view

Applies To:

Show Versions Show Versions

BIG-IP FPS

  • 17.1.2, 17.1.1, 17.1.0, 17.0.0, 16.1.5, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.0
Manual Chapter

Detecting Automatic Transactions on a URL or view

Use Automatic Transactions detection to check for the following types of malware activity on the web site of a URL:
  • Automatic (bot) transactions generated by web robots on the web page.
  • Data manipulation in URL parameters.
  • Data manipulation in all AJAX requests
  • Removal of the Transaction Data cookie.
Automatic Transactions detection is typically enabled on only one URL or view per profile.
  1. On the Main tab, click
    Security
    Fraud Protection Service
    Anti-Fraud Profiles
    .
    The Anti-Fraud Profiles screen opens.
  2. From the list of profiles, select the relevant profile.
    The Anti-Fraud Profile Properties screen opens.
  3. In the Anti-Fraud Configuration area, click
    URL List
    .
    The URL List opens.
  4. Click the URL or view on which you want to configure Automatic Transactions detection (or click
    Add URL
     or
    Add View
     if you want to define a new URL or view with Automatic Transactions detection).
  5. In the URL Configuration (or View Configuration) area, select
    Automatic Transactions
    .
    The Automatic Transactions configuration options appear.
  6. Ensure that the
    Enabled
     check box for
    Automatic Transactions
     is selected.
  7. For
    Browser Automation Detection
    , select the
    Enabled
     check box if you want the system to check for non-human control of the web browser.
  8. For
    Check for Security Context Integrity
    , select the
    Enabled
     check box if you want the system to check for removal of the Transaction Data cookie.
  9. Click
    Advanced
    .
  10. If the web page uses a
    Submit
     button that is not tagged as
    <input>
     or
    <button>
    , in the
    Name/CSS syntax field of non-standard submit buttons
     field:
    1. Type the name or CSS syntax of an ID, class, or tag name and precede it with the appropriate character as listed in the following table.
    2. Click
      Add
      .
    For example, for this HTML text:
    <img id="mySubmitId" class="mySubmitClass" name="mySubmitName" />
    , type any one of the following:
    Name/CSS syntax
    Precede it with...
    Example
    id
    #
    #mySubmitId
    class
    .
    .mySubmitClass
    tag name
    no prefix needed
    img
    name
    !
    !mySubmitName
  11. Click
    Save
    .
    The configuration settings for the URL are saved and the Anti-Fraud Profile Properties screen opens.
The BIG-IP system is now set to detect automatic transactions and removal of the Transactions Data cookie on the URL or view, and sends an alert to the FPS Dashboard if such activity is detected.
After configuring automatic transactions detection on the URL or view, you should do one of the following:
  • If the form action in the HTTP request from the web page you created above does not refer to the URL of the web page, you need to also configure a URL for receiving automatic transactions data.
  • Otherwise, you should configure data manipulation detection on the URL or view.
Contact Support Contact Support

Have a Question?

Support and Sales >

About F5

Education

F5 Sites

Support Tasks




©2023 F5, Inc. All rights reserved.


Trademarks Policies Privacy California Privacy Do Not Sell My Personal Information