Manual Chapter : Configuring HTML field obfuscation

Applies To:

Show Versions Show Versions
Manual Chapter

Configuring HTML field obfuscation

Before configuring HTML field obfuscation,
Application Layer Encryption
must be enabled on the URL or view.
Configure HTML field obfuscation if you want the BIG-IP system to encrypt the
name
attribute of all defined HTML
<input>
fields, and then decrypt them back to the original
name
on the BIG-IP system.
  1. On the Main tab, click
    Security
    Fraud Protection Service
    Anti-Fraud Profiles
    .
    The Anti-Fraud Profiles screen opens.
  2. From the list of profiles, select the relevant profile.
    The Anti-Fraud Profile Properties screen opens.
  3. In the Anti-Fraud Configuration area, click
    URL List
    .
    The URL List opens.
  4. Select the URL on which you want to configure HTML field obfuscation.
    The URL Properties screen appears.
  5. In the URL Configuration (or View Configuration) area, select
    Application Layer Encryption
    .
    The Application Layer Encryption settings are displayed.
  6. Select the
    Enabled
    check box for the
    HTML Field Obfuscation
    setting.
    The
    Add Decoy Inputs
    field is displayed.
  7. Select the
    Enabled
    check box for the
    Add Decoy Inputs
    setting if you want the system to randomly, and continuously, generate and remove decoy
    <input>
    fields that are added to the web page.
    Enabling
    Add Decoy Inputs
    makes it harder for an attacker to identify sensitive information with either JavaScript or a proxy.
  8. Click
    Advanced
    and select the
    Enabled
    check box for the
    Remove Element IDs
    setting if you want the system to remove the ID attribute from URL parameters that have the
    Obfuscate
    property.
  9. In the URL Configuration (or View Configuration) area, select
    Parameters
    .
    The Parameters list is displayed.
  10. Click the
    Add
    button.
    The Parameter Settings screen opens.
  11. In the
    Parameter Name
    field, choose one of the following types for the parameter name:
    • Explicit
      : Assign a specific parameter name.
    • Wildcard
      : Assign a wildcard expression for the parameter name. Any parameter name that matches the wildcard expression is considered legal and receives protection. For example, typing the wildcard expression
      *
      specifies that any parameter name is allowed.
  12. In the Application Layer Encryption section, select the
    Obfuscate
    check box.
  13. Click
    Create
    .
    The parameter settings are saved and the URL Properties (or View Properties) screen appears.
  14. Repeat steps 10-13 for every parameter you want the system to obfuscate.
  15. Click
    Save
    in the URL/View Properties screen.
    The configuration settings for the URL or view are saved.