Manual Chapter :
Configuring HTML field obfuscation
Applies To:
Show VersionsBIG-IP FPS
- 17.1.0, 17.0.0, 16.1.5, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.0
Configuring HTML field obfuscation
Before configuring HTML field obfuscation,
Application Layer Encryption
must be
enabled on the URL or view.Configure HTML field obfuscation if you want the BIG-IP
system to encrypt the
name
attribute of all defined HTML
<input>
fields, and then decrypt them back to the original
name
on the BIG-IP system.- On the Main tab, click.The Anti-Fraud Profiles screen opens.
- From the list of profiles, select the relevant profile.The Anti-Fraud Profile Properties screen opens.
- In the Anti-Fraud Configuration area, clickURL List.The URL List opens.
- Select the URL on which you want to configure HTML field obfuscation.The URL Properties screen appears.
- In the URL Configuration (or View Configuration) area, selectApplication Layer Encryption.The Application Layer Encryption settings are displayed.
- Select theEnabledcheck box for theHTML Field Obfuscationsetting.TheAdd Decoy Inputsfield is displayed.
- Select theEnabledcheck box for theAdd Decoy Inputssetting if you want the system to randomly, and continuously, generate and remove decoy<input>fields that are added to the web page.EnablingAdd Decoy Inputsmakes it harder for an attacker to identify sensitive information with either JavaScript or a proxy.
- ClickAdvancedand select theEnabledcheck box for theRemove Element IDssetting if you want the system to remove the ID attribute from URL parameters that have theObfuscateproperty.
- In the URL Configuration (or View Configuration) area, selectParameters.The Parameters list is displayed.
- Click theAddbutton.The Parameter Settings screen opens.
- In theParameter Namefield, choose one of the following types for the parameter name:
- Explicit: Assign a specific parameter name.
- Wildcard: Assign a wildcard expression for the parameter name. Any parameter name that matches the wildcard expression is considered legal and receives protection. For example, typing the wildcard expression*specifies that any parameter name is allowed.
- In the Application Layer Encryption section, select theObfuscatecheck box.
- ClickCreate.The parameter settings are saved and the URL Properties (or View Properties) screen appears.
- Repeat steps 10-13 for every parameter you want the system to obfuscate.
- ClickSavein the URL/View Properties screen.The configuration settings for the URL or view are saved.