Manual Chapter :
Encrypting data as it leaves the web browser
Applies To:
Show Versions
BIG-IP FPS
- 17.5.0, 17.1.2, 17.1.1, 17.1.0, 17.0.0, 16.1.5, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.0
Encrypting data as it leaves the web browser
Encrypt data as it leaves the web
browser if you want to protect data that was entered by the user as it leaves the web
browser.
- On the Main tab, click .The Anti-Fraud Profiles screen opens.
- From the list of profiles, select the relevant profile.The Anti-Fraud Profile Properties screen opens.
- In the Anti-Fraud Configuration area, clickURL List.The URL List opens.
- Select the URL (or view) on which you want to encrypt data.The URL Properties (or View Properties) screen appears.
- In the URL Configuration (or View Configuration) area, selectApplication Layer Encryption.The Application Layer Encryption settings are displayed.
- Ensure that theEnabledcheck box forApplication Layer Encryptionis selected.
- If you want to use a custom encryption algorithm on parameters (instead of the BIG-IP default encryption function), clickCustomizeand in theCustom Encryption Functionfield, type your custom encryption function.If you use a custom encryption function, you can not enableReal-Time Encryptionon this URL or view. Real-Time Encryption encrypts passwords as the user types them.The custom encryption function encrypts all URL parameters whereEncryptis disabled andSubstitute Valueis enabled on the parameter.
- In the URL Configuration (or View Configuration) area, selectParameters.The Parameters list is displayed.
- Click theAddbutton.The Parameter Settings screen opens.
- In theParameter Namefield, choose one of the following types for the parameter name:
- Explicit: Assign a specific parameter name.
- Wildcard: Assign a wildcard expression for the parameter name. Any parameter name that matches the wildcard expression is considered legal and receives protection. For example, typing the wildcard expression*specifies that any parameter name is allowed.
- If you choseExplicit, type the parameter name.
- If you choseWildcard, type the wildcard expression.The syntax for wildcard entities is based on shell-style wildcard characters. This following table lists the wildcard characters that you can use so that the entity name matches multiple objects.Wildcard characterMatches*All characters?Any single character[abcde]Exactly one of the characters listed[!abcde]Any character not listed[a-e]Exactly one character in the range[!a-e]Any character not in the rangeIf a wildcard character is actually used as part of a parameter name and you don't want it to be treated as a wildcard character, use\and then the character to indicate that it should not be used as a wildcard character.A regular expression should not be used as part of the wildcard expression for a parameter name.
- In the Application Layer Encryption section, select theEncryptcheck box.
- If the parameter is for a password field and you want to use substitute values when the user inputs the password, select theSubstitute Valuecheck box.
- This attribute should be applied only on parameters with the input typepassword.
- This attribute cannot be enabled on a parameter that already has theCheck Data Manipulationattribute.
- If you assignSubstitute Valueto a password parameter, the web browser’s auto-complete feature for passwords does not work on this parameter.
If you want a custom encryption function to be applied to this parameter, do not select the check boxes for bothEncryptandSubstitute Valueon the parameter. If you do this, the custom encryption function will not be applied to this parameter. - ClickCreate.The parameter settings are saved.
- Repeat steps 9-13 for every parameter you want the system to encrypt.
- ClickSave.The URL (or view) configuration settings are saved.
If the form action in the HTTP request from the
web page you created above does not refer to the URL of the web page, you need to also
configure a URL for decrypted data.
