Manual Chapter :
Detecting suspicious elements on a web page
Applies To:
Show VersionsBIG-IP FPS
- 17.1.0, 17.0.0, 16.1.5, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.0
Detecting suspicious elements on a web page
You can enable detection of suspicious elements on
your web page to allow FPS to check for malware that adds or removes suspicious HTML
tags on your web page.
This type of detection can be applied
only on the web page of a URL and not on the web page of an SPA
view.
- On the Main tab, click.The Anti-Fraud Profiles screen opens.
- From the list of profiles, select the relevant profile.The Anti-Fraud Profile Properties screen opens.
- In the Anti-Fraud Configuration area, clickURL List.The URL List opens.
- Click the URL on which you want to enable detection of suspicious elements (or clickAddif you want to define a new URL and enable detection on it).The URL Properties screen opens.
- In the URL Configuration, selectMalware Detection.The Malware Detection configuration options appear.
- Ensure that theEnabledcheck box forMalware Detectionis selected.
- ClickAdvanced.
- Select theEnabledcheck box for theHTML Source Integritysetting.The source integrity feature counts input tags, form tags, and script tags that are inline (withoutsrc) and external-relative (withsrcand on the same domain as the URL).TheLearn Inputs,Learn Forms, andLearn Scriptssettings appear.
- If you want the system to learn the number of HTML input tags that appear in the web page of the URL, leave theEnabledcheck box for theLearn Inputssetting selected.If you disable theLearn Inputssetting, then theNumber of Inputssetting appears. Type the number of HTML inputs that appear in the HTML code sent from the server in this setting.
- If you want the system to learn the number of HTML form tags that appear in the web page of the URL, leave theEnabledcheck box for theLearn Formssetting selected..If you disable theLearn Formssetting, then theNumber of Formssetting appears. Type the number of HTML forms that appear in the HTML code sent from the server in this setting.
- If you want the system to learn the number of HTML script tags that appear in the web page of the URL, leave theEnabledcheck box for theLearn Scriptssetting selected.If you disable this setting, then theNumber of Scriptssetting appears. Type the number of HTML scripts that appear in the HTML code sent from the server in this setting.
- ClickSave.The URL configuration settings are saved.
FPS is now configured to send alerts to the FPS Dashboard if it detects malware that
has added or removed suspicious HTML tags on your web page.