F5 Logo MyF5
Search
  1. MyF5 Home
  2. F5 Fraud Protection Service: BIG-IP Configuration
  3. Encrypting Data on the Application Level
  4. Overview: Encrypting Data on the Application Level
  5. Removing JavaScript event listeners from parameters
Manual Chapter : Removing JavaScript event listeners from parameters

Applies To:

Show Versions Show Versions

BIG-IP FPS

  • 17.1.0, 17.0.0, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.0
Manual Chapter

Removing JavaScript event listeners from parameters

Before you can remove JavaScript event listeners from parameters, Application Layer Encryption must be enabled on the URL or view.
You can remove JavaScript event listeners from parameters to protect sensitive data in parameters from being obtained by potential attackers.
Some web applications add non-malicious event listeners that improve functionality. If you choose to activate removal of event listeners on parameters, this will remove all event listeners, including non-malicious ones added by the web application. Take this into account before deciding to activate removal of event listeners.
  1. On the Main tab, click
    Security
    Fraud Protection Service
    Anti-Fraud Profiles
    .
    The Anti-Fraud Profiles screen opens.
  2. From the list of profiles, select the relevant profile.
    The Anti-Fraud Profile Properties screen opens.
  3. In the Anti-Fraud Configuration area, click
    URL List
    .
    The URL List opens.
  4. Select the URL or view on which you want to remove JavaScript event listeners.
    The URL Properties (or View Properties) screen opens.
  5. In the URL Configuration (or View Configuration) area, select
    Application Layer Encryption
    .
    The Application Layer Encryption settings are displayed.
  6. Click
    Advanced
     and select the
    Enabled
     check box for the
    Remove Event Listeners
     setting.
  7. In the URL Configuration (or View Configuration) area, select
    Parameters
    .
    The Parameters list is displayed.
  8. Click the
    Add
     button.
    The Parameter Settings screen opens.
  9. In the
    Parameter Name
     field, choose one of the following types for the parameter name:
    • Explicit
      : Assign a specific parameter name.
    • Wildcard
      : Assign a wildcard expression for the parameter name. Any parameter name that matches the wildcard expression is considered legal and receives protection. For example, typing the wildcard expression
      *
       specifies that any parameter name is allowed.
  10. In the Application Layer Encryption section, select the
    Obfuscate
     check box or the
    Substitute Value
     check box.
    If you assign the
    Substitute Value
     attribute to a password parameter, the web browser’s auto-complete feature for passwords does not work on this parameter.
  11. Click
    Create
    .
    The parameter settings are saved and the URL Properties (or View Properties) screen appears.
  12. Repeat steps 8-11 for every parameter on which you want to remove JavaScript event listeners.
  13. Click
    Save
     in the URL/View Properties screen.
    The configuration settings for the URL or view are saved.
Contact Support Contact Support

Have a Question?

Support and Sales >

About F5

Education

F5 Sites

Support Tasks




©2023 F5, Inc. All rights reserved.


Trademarks Policies Privacy California Privacy Do Not Sell My Personal Information