Manual Chapter : Encrypting data as it leaves the web browser

Applies To:

  • 17.1.0, 17.0.0, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.0
Encrypting data as it leaves the web browser

Use application layer encryption when you want to protect data that the user entered as it leaves the web browser.
  1. On the Main tab, click Fraud Protection Service > Anti-Fraud Profiles.
    The Anti-Fraud Profiles screen opens.
  2. From the list of profiles, select the relevant profile.
    The Anti-Fraud Profile Properties screen opens.
  3. In the Anti-Fraud Configuration area, click URL List.
    The URL List opens.
  4. Select the URL (or view) on which you want to encrypt data.
    The URL Properties (or View Properties) screen appears.
  5. In the URL Configuration (or View Configuration) area, select Application Layer Encryption.
    The Application Layer Encryption settings are displayed.
  6. Ensure that the check box for Application Layer Encryption is selected.
  7. If you want to use a custom encryption algorithm on parameters (instead of the BIG-IP default encryption function), click
    and in the Custom Encryption Function field, type your custom encryption function.
    If you use a custom encryption function, you cannot enable Real-Time Encryption on this URL or view. Real-Time Encryption encrypts passwords as the user types them.
    The custom encryption function encrypts all URL parameters where
    is disabled and
    Substitute Value
    is enabled on the parameter.
  8. In the URL Configuration (or View Configuration) area, select
    The Parameters list is displayed.
  9. Click the
    The Parameter Settings screen opens.
  10. In the Parameter Name field, choose one of the following types for the parameter name:
    • Explicit: Assign a specific parameter name.
    • Wildcard: Assign a wildcard expression for the parameter name. Any parameter name that matches the wildcard expression is considered legal and receives protection. For example, typing the wildcard expression
      specifies that any parameter name is allowed.
    1. If you chose Explicit, type the parameter name.
    2. If you chose Wildcard, type the wildcard expression.
      The syntax for wildcard entities is based on shell-style wildcard characters. The following table lists the wildcard characters that you can use so that the entity name matches multiple objects.
      Wildcard character
      All characters
      Any single character
      Exactly one of the characters listed
      Any character not listed
      Exactly one character in the range
      Any character not in the range
      If a wildcard character is actually used as part of a parameter name and you don't want it to be treated as a wildcard character, use
      and then the character to indicate that it should not be used as a wildcard character.
      A regular expression should not be used as part of the wildcard expression for a parameter name.
  11. In the Application Layer Encryption section, select the
    check box.
  12. If the parameter is for a password field and you want to use substitute values when the user inputs the password, select the Substitute Value check box.
    • This attribute should be applied only on parameters with the input type
    • This attribute cannot be enabled on a parameter that already has the
      Check Data Manipulation
    • If you assign Substitute Value to a password parameter, the web browser’s auto-complete feature for passwords does not work on this parameter.
    If you want a custom encryption function to be applied to this parameter, do not select the check boxes for both
    Substitute Value
    on the parameter. If you do this, the custom encryption function will not be applied to this parameter.
  13. Click
    The parameter settings are saved.
  14. Repeat steps 9-13 for every parameter you want the system to encrypt.
  15. Click
    The URL (or view) configuration settings are saved.
If the form action in the HTTP request from the web page you created above does not refer to the URL of the web page, you need to also configure a URL for decrypted data.
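
A wildcard parameter name (step 10) decides which form fields receive protection, so it helps to check an expression against a form's field names before saving it. The following is an added example, not F5 code: it assumes conventional shell-style syntax (`*`, `?`, `[abc]`, `[!abc]`, `[a-e]`, `[!a-e]`) with a backslash as the escape character, and the function names and sample field names are hypothetical.

```python
import re

def wildcard_to_regex(expr):
    """Translate a shell-style wildcard expression into a compiled regex."""
    out, i = [], 0
    while i < len(expr):
        c = expr[i]
        # Assumed escape: backslash makes the next character literal.
        if c == "\\" and i + 1 < len(expr):
            out.append(re.escape(expr[i + 1]))
            i += 2
            continue
        if c == "[":
            start = i + 1
            negate = expr.startswith("!", start)
            if negate:
                start += 1
            end = expr.find("]", start + 1)  # a set needs at least one member
            if end != -1:
                # Keep "-" unescaped so ranges such as a-e still work.
                body = re.escape(expr[start:end]).replace("\\-", "-")
                out.append("[" + ("^" if negate else "") + body + "]")
                i = end + 1
                continue
        if c == "*":
            out.append(".*")      # all characters
        elif c == "?":
            out.append(".")       # any single character
        else:
            out.append(re.escape(c))  # literal, including an unterminated "["
        i += 1
    return re.compile("".join(out), re.DOTALL)

def covered_fields(expr, field_names):
    """Return the field names the wildcard expression matches in full."""
    rx = wildcard_to_regex(expr)
    return [name for name in field_names if rx.fullmatch(name)]

# Constructed sample: field names from a hypothetical login form.
FIELDS = ["username", "password", "password2", "pin1", "pin9", "card*number"]

if __name__ == "__main__":
    for expr in ["*", "pass*", "password?", "pin[1-5]", "pin[!1-5]", r"card\*number"]:
        print(f"{expr!r:18} -> {covered_fields(expr, FIELDS)}")
```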