Manual Chapter : Detecting suspicious elements on a web page

Applies To:

Show Versions Show Versions

BIG-IP FPS

  • 17.1.0, 17.0.0, 16.1.5, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.0
Manual Chapter

Detecting suspicious elements on a web page

You can enable detection of suspicious elements on your web page to allow FPS to check for malware that adds or removes suspicious HTML tags on your web page.
This type of detection can be applied only on the web page of a URL and not on the web page of an SPA view.
  1. On the Main tab, click
    Security
    Fraud Protection Service
    Anti-Fraud Profiles
    .
    The Anti-Fraud Profiles screen opens.
  2. From the list of profiles, select the relevant profile.
    The Anti-Fraud Profile Properties screen opens.
  3. In the Anti-Fraud Configuration area, click
    URL List
    .
    The URL List opens.
  4. Click the URL on which you want to enable detection of suspicious elements (or click
    Add
    if you want to define a new URL and enable detection on it).
    The URL Properties screen opens.
  5. In the URL Configuration, select
    Malware Detection
    .
    The Malware Detection configuration options appear.
  6. Ensure that the
    Enabled
    check box for
    Malware Detection
    is selected.
  7. Click
    Advanced
    .
  8. Select the
    Enabled
    check box for the
    HTML Source Integrity
    setting.
    The source integrity feature counts input tags, form tags, and script tags that are inline (without
    src
    ) and external-relative (with
    src
    and on the same domain as the URL).
    The
    Learn Inputs
    ,
    Learn Forms
    , and
    Learn Scripts
    settings appear.
  9. If you want the system to learn the number of HTML input tags that appear in the web page of the URL, leave the
    Enabled
    check box for the
    Learn Inputs
    setting selected.
    If you disable the
    Learn Inputs
    setting, then the
    Number of Inputs
    setting appears. Type the number of HTML inputs that appear in the HTML code sent from the server in this setting.
  10. If you want the system to learn the number of HTML form tags that appear in the web page of the URL, leave the
    Enabled
    check box for the
    Learn Forms
    setting selected..
    If you disable the
    Learn Forms
    setting, then the
    Number of Forms
    setting appears. Type the number of HTML forms that appear in the HTML code sent from the server in this setting.
  11. If you want the system to learn the number of HTML script tags that appear in the web page of the URL, leave the
    Enabled
    check box for the
    Learn Scripts
    setting selected.
    If you disable this setting, then the
    Number of Scripts
    setting appears. Type the number of HTML scripts that appear in the HTML code sent from the server in this setting.
  12. Click
    Save
    .
    The URL configuration settings are saved.
FPS is now configured to send alerts to the FPS Dashboard if it detects malware that has added or removed suspicious HTML tags on your web page.