Manual Chapter : Encrypting data as it leaves the web browser

Applies To:

Show Versions Show Versions

BIG-IP FPS

  • 17.1.0, 17.0.0, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.0
Manual Chapter

Encrypting data as it leaves the web browser

Encrypt data as it leaves the web browser if you want to protect data that was entered by the user as it leaves the web browser.
  1. On the Main tab, click
    Security
    Fraud Protection Service
    Anti-Fraud Profiles
    .
    The Anti-Fraud Profiles screen opens.
  2. From the list of profiles, select the relevant profile.
    The Anti-Fraud Profile Properties screen opens.
  3. In the Anti-Fraud Configuration area, click
    URL List
    .
    The URL List opens.
  4. Select the URL (or view) on which you want to encrypt data.
    The URL Properties (or View Properties) screen appears.
  5. In the URL Configuration (or View Configuration) area, select
    Application Layer Encryption
    .
    The Application Layer Encryption settings are displayed.
  6. Ensure that the
    Enabled
    check box for
    Application Layer Encryption
    is selected.
  7. If you want to use a custom encryption algorithm on parameters (instead of the BIG-IP default encryption function), click
    Customize
    and in the
    Custom Encryption Function
    field, type your custom encryption function.
    If you use a custom encryption function, you can not enable
    Real-Time Encryption
    on this URL or view. Real-Time Encryption encrypts passwords as the user types them.
    The custom encryption function encrypts all URL parameters where
    Encrypt
    is disabled and
    Substitute Value
    is enabled on the parameter.
  8. In the URL Configuration (or View Configuration) area, select
    Parameters
    .
    The Parameters list is displayed.
  9. Click the
    Add
    button.
    The Parameter Settings screen opens.
  10. In the
    Parameter Name
    field, choose one of the following types for the parameter name:
    • Explicit
      : Assign a specific parameter name.
    • Wildcard
      : Assign a wildcard expression for the parameter name. Any parameter name that matches the wildcard expression is considered legal and receives protection. For example, typing the wildcard expression
      *
      specifies that any parameter name is allowed.
    1. If you chose
      Explicit
      , type the parameter name.
    2. If you chose
      Wildcard
      , type the wildcard expression.
      The syntax for wildcard entities is based on shell-style wildcard characters. This following table lists the wildcard characters that you can use so that the entity name matches multiple objects.
      Wildcard character
      Matches
      *
      All characters
      ?
      Any single character
      [abcde]
      Exactly one of the characters listed
      [!abcde]
      Any character not listed
      [a-e]
      Exactly one character in the range
      [!a-e]
      Any character not in the range
      If a wildcard character is actually used as part of a parameter name and you don't want it to be treated as a wildcard character, use
      \
      and then the character to indicate that it should not be used as a wildcard character.
      A regular expression should not be used as part of the wildcard expression for a parameter name.
  11. In the Application Layer Encryption section, select the
    Encrypt
    check box.
  12. If the parameter is for a password field and you want to use substitute values when the user inputs the password, select the
    Substitute Value
    check box.
    • This attribute should be applied only on parameters with the input type
      password
      .
    • This attribute cannot be enabled on a parameter that already has the
      Check Data Manipulation
      attribute.
    • If you assign
      Substitute Value
      to a password parameter, the web browser’s auto-complete feature for passwords does not work on this parameter.
    If you want a custom encryption function to be applied to this parameter, do not select the check boxes for both
    Encrypt
    and
    Substitute Value
    on the parameter. If you do this, the custom encryption function will not be applied to this parameter.
  13. Click
    Create
    .
    The parameter settings are saved.
  14. Repeat steps 9-13 for every parameter you want the system to encrypt.
  15. Click
    Save
    .
    The URL (or view) configuration settings are saved.
If the form action in the HTTP request from the web page you created above does not refer to the URL of the web page, you need to also configure a URL for decrypted data.