Manual Chapter : Configuring referrer checks

Applies To:

Show Versions Show Versions
Manual Chapter

Configuring referrer checks

Configure referrer checks on an anti-fraud profile if you want the system to examine requests for resources on web pages in the anti-fraud profile that come from domains outside of the anti-fraud profile.
  1. On the Main tab, click
    Security
    Fraud Protection Service
    Anti-Fraud Profiles
    .
    The Anti-Fraud Profiles screen opens.
  2. From the list of profiles, select the profile on which you want to configure referrer checks.
    The Anti-Fraud Profile Properties screen opens.
  3. In the Anti-Fraud Configuration area, select
    Advanced
    and then
    Phishing Detection
    .
    The Phishing Detection screen opens.
  4. Select the
    Enabled
    check box for the
    Referrer Checks
    setting.
    The Referrer Checks configuration options are displayed.
  5. In the
    Referrer Domain Whitelist
    field, type a list of external domains that are allowed to request resources from the protected web application.
  6. In the
    Check referrer header value in requests to these URLs
    field, type a list of URLs on which the system checks the referrer header value in the htttp request to determine if the request may have come from a phishing site.
    If you want the system to check referrer header value in http requests from URLs ending in a specific file type, type
    *.
    and then the file type. For example, if you want the system to check the referrer header value in requests from URLs ending with
    .gif
    , type
    *.gif
    .
  7. In the
    Ignore referrer checks for these URLs
    field, type a list of URLs where the system should not examine the referrer header value in requests.
  8. Click
    Save
    .
    The anti-fraud profile is updated with the changes you made.