Manual Chapter :
Defining general settings for a user-defined malware type
Applies To:
Show Versions
BIG-IP FPS
- 17.1.0, 17.0.0, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.0
Defining general settings for a user-defined malware type
To apply FPS malware detection to a user-defined malware type, you must first
define general settings for the user-defined malware type.
- On the Main tab, click .The Anti-Fraud Profiles screen opens.
- From the list of profiles, select the relevant profile.The Anti-Fraud Profile Properties screen opens.
- In the Anti-Fraud Profile Configuration area, click .The list of user-defined malware types is displayed.The list of default malware types that FPS checks for is not displayed in the Malware List.
- ClickAdd.The Create New Malware screen opens.
- In the General Settings area, in theMalware Namefield type a name for the malware.You cannot create the malware type if you did not assign a name to the malware.
- In theIgnore predefined forbidden wordsfield, add words from the list that you want the BIG-IP system to ignore if they appear in the web application's HTML or JavaScript code.This list is used to prevent false-positive alerts caused by the BIG-IP system's default list of forbidden words.
- In theSearch for malicious function name patterns in AJAX requestsfield, add names of malicious function patterns that the FPS JavaScript will search for in AJAX requests.If the FPS JavaScript finds a name in an AJAX request from the client's web browser, an alert is generated.
- In theMatch these URL patterns in AJAX requests and external scriptsfield, add URL patterns that the FPS JavaScript will search for in AJAX requests and external scripts on the HTML code of the web page.If the FPS JavaScript finds a URL pattern in an AJAX request or external script, an alert is generated.
- ClickCreate.
The system creates the malware type with the general settings that you
defined.
