F5 Logo MyF5
Search
  1. MyF5 Home
  2. F5 Fraud Protection Service: BIG-IP Configuration
  3. Encrypting Data on the Application Level
  4. Overview: Encrypting Data on the Application Level
  5. Configuring HTML field obfuscation
Manual Chapter : Configuring HTML field obfuscation

Applies To:

Show Versions Show Versions

BIG-IP FPS

  • 17.1.0, 17.0.0, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.0
Manual Chapter

Configuring HTML field obfuscation

Before configuring HTML field obfuscation,
Application Layer Encryption
 must be enabled on the URL or view.
Configure HTML field obfuscation if you want the BIG-IP system to encrypt the
name
 attribute of all defined HTML
<input>
 fields, and then decrypt them back to the original
name
 on the BIG-IP system.
  1. On the Main tab, click
    Security
    Fraud Protection Service
    Anti-Fraud Profiles
    .
    The Anti-Fraud Profiles screen opens.
  2. From the list of profiles, select the relevant profile.
    The Anti-Fraud Profile Properties screen opens.
  3. In the Anti-Fraud Configuration area, click
    URL List
    .
    The URL List opens.
  4. Select the URL on which you want to configure HTML field obfuscation.
    The URL Properties screen appears.
  5. In the URL Configuration (or View Configuration) area, select
    Application Layer Encryption
    .
    The Application Layer Encryption settings are displayed.
  6. Select the
    Enabled
     check box for the
    HTML Field Obfuscation
     setting.
    The
    Add Decoy Inputs
     field is displayed.
  7. Select the
    Enabled
     check box for the
    Add Decoy Inputs
     setting if you want the system to randomly, and continuously, generate and remove decoy
    <input>
     fields that are added to the web page.
    Enabling
    Add Decoy Inputs
     makes it harder for an attacker to identify sensitive information with either JavaScript or a proxy.
  8. Click
    Advanced
     and select the
    Enabled
     check box for the
    Remove Element IDs
     setting if you want the system to remove the ID attribute from URL parameters that have the
    Obfuscate
     property.
  9. In the URL Configuration (or View Configuration) area, select
    Parameters
    .
    The Parameters list is displayed.
  10. Click the
    Add
     button.
    The Parameter Settings screen opens.
  11. In the
    Parameter Name
     field, choose one of the following types for the parameter name:
    • Explicit
      : Assign a specific parameter name.
    • Wildcard
      : Assign a wildcard expression for the parameter name. Any parameter name that matches the wildcard expression is considered legal and receives protection. For example, typing the wildcard expression
      *
       specifies that any parameter name is allowed.
  12. In the Application Layer Encryption section, select the
    Obfuscate
     check box.
  13. Click
    Create
    .
    The parameter settings are saved and the URL Properties (or View Properties) screen appears.
  14. Repeat steps 10-13 for every parameter you want the system to obfuscate.
  15. Click
    Save
     in the URL/View Properties screen.
    The configuration settings for the URL or view are saved.
Contact Support Contact Support

Have a Question?

Support and Sales >

About F5

Education

F5 Sites

Support Tasks




©2023 F5, Inc. All rights reserved.


Trademarks Policies Privacy California Privacy Do Not Sell My Personal Information