F5 Logo MyF5
Search
  1. MyF5 Home
  2. F5 Fraud Protection Service: BIG-IP Configuration
  3. Detecting Malware
  4. Overview: Detecting Malware
  5. Detecting suspicious elements on a web page
Manual Chapter : Detecting suspicious elements on a web page

Applies To:

Show Versions Show Versions

BIG-IP FPS

  • 17.1.0, 17.0.0, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.0
Manual Chapter

Detecting suspicious elements on a web page

You can enable detection of suspicious elements on your web page to allow FPS to check for malware that adds or removes suspicious HTML tags on your web page.
This type of detection can be applied only on the web page of a URL and not on the web page of an SPA view.
  1. On the Main tab, click
    Security
    Fraud Protection Service
    Anti-Fraud Profiles
    .
    The Anti-Fraud Profiles screen opens.
  2. From the list of profiles, select the relevant profile.
    The Anti-Fraud Profile Properties screen opens.
  3. In the Anti-Fraud Configuration area, click
    URL List
    .
    The URL List opens.
  4. Click the URL on which you want to enable detection of suspicious elements (or click
    Add
     if you want to define a new URL and enable detection on it).
    The URL Properties screen opens.
  5. In the URL Configuration, select
    Malware Detection
    .
    The Malware Detection configuration options appear.
  6. Ensure that the
    Enabled
     check box for
    Malware Detection
     is selected.
  7. Click
    Advanced
    .
  8. Select the
    Enabled
     check box for the
    HTML Source Integrity
     setting.
    The source integrity feature counts input tags, form tags, and script tags that are inline (without
    src
    ) and external-relative (with
    src
     and on the same domain as the URL).
    The
    Learn Inputs
    ,
    Learn Forms
    , and
    Learn Scripts
     settings appear.
  9. If you want the system to learn the number of HTML input tags that appear in the web page of the URL, leave the
    Enabled
    check box for the
    Learn Inputs
     setting selected.
    If you disable the
    Learn Inputs
     setting, then the
    Number of Inputs
     setting appears. Type the number of HTML inputs that appear in the HTML code sent from the server in this setting.
  10. If you want the system to learn the number of HTML form tags that appear in the web page of the URL, leave the
    Enabled
     check box for the
    Learn Forms
     setting selected..
    If you disable the
    Learn Forms
     setting, then the
    Number of Forms
     setting appears. Type the number of HTML forms that appear in the HTML code sent from the server in this setting.
  11. If you want the system to learn the number of HTML script tags that appear in the web page of the URL, leave the
    Enabled
     check box for the
    Learn Scripts
     setting selected.
    If you disable this setting, then the
    Number of Scripts
     setting appears. Type the number of HTML scripts that appear in the HTML code sent from the server in this setting.
  12. Click
    Save
    .
    The URL configuration settings are saved.
FPS is now configured to send alerts to the FPS Dashboard if it detects malware that has added or removed suspicious HTML tags on your web page.
Contact Support Contact Support

Have a Question?

Support and Sales >

About F5

Education

F5 Sites

Support Tasks




©2023 F5, Inc. All rights reserved.


Trademarks Policies Privacy California Privacy Do Not Sell My Personal Information