Manual Chapter : Configuring a CSS injection

Applies To:

Show Versions Show Versions
Manual Chapter

Configuring a CSS injection

CSS injection can only be performed in web pages in the anti-fraud profile where
JavaScript removal detection
has been enabled on the URL of the web page.
Configure a CSS injection on an anti-fraud profile to improve phishing detection by embedding a CSS file on one or more web pages in the anti-fraud profile.
  1. On the Main tab, click
    Security
    Fraud Protection Service
    Anti-Fraud Profiles
    .
    The Anti-Fraud Profiles screen opens.
  2. From the list of profiles, select the profile on which you want to configure the CSS injection.
    The Anti-Fraud Profile Properties screen opens.
  3. In the Anti-Fraud Configuration area, select
    Advanced
    and then
    Phishing Detection
    .
    The Phishing Detection screen opens.
  4. Select the
    Enabled
    check box for the
    Inject into Application CSS
    setting if you want the system to inject phishing detection CSS code into the real CSS file(s) specified in the anti-fraud profile.
    If
    Inject into Application CSS
    is enabled, the
    Application CSS Locations
    field is displayed.
    1. In the
      Application CSS Locations
      field, add the location(s) of the CSS file(s) in the web pages specified in the anti-fraud profile.
  5. If you did not enable
    Inject into Application CSS
    , in the
    CSS Location
    field use the default file name and path (or specify a JavaScript removal protection file name and its path within the web application directory if instructed to do so by F5 support).
    • This setting should not be changed without first consulting F5 support.
    • This setting does not appear if you enabled
      Inject into Application CSS
      .
  6. In the
    CSS Attribute Name
    field, type an attribute name or use the default name.
  7. In the Anti-Fraud Configuration area, click
    URL List
    .
    The URL List opens.
  8. For every URL in your profile with Phishing Detection enabled, perform the following steps:
    1. Click on the URL name in the URL List.
      The URL Properties screen opens.
    2. In the URL Configuration area, select
      Phishing Detection
      .
    3. Click
      Advanced
      .
    4. In the
      Location of CSS Link Injection
      field, select whether you want the CSS Link tag to be injected before or after the tag that you specify in the
      Tag
      field.
    5. In the
      Location of CSS Element Injection
      field, select whether you want the CSS element, which triggers the CSS link, to be injected before or after the tag that you specify in the
      Tag
      field.
  9. Click
    Save
    in the URL Properties screen.
    The Anti-Fraud Profile Properties screen opens.
  10. Click
    Save
    in the Anti-Fraud Profile Properties screen.
    The anti-fraud profile is updated with the changes you made.