Manual Chapter : Detecting Automatic Transactions on a URL or view
Applies To:Show Versions
- 17.1.0, 17.0.0, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0
Detecting Automatic Transactions on a URL or view
Use Automatic Transactions detection to check for the following types of malware activity on the web site of a URL:
- Data manipulation in URL parameters.
- Data manipulation in all AJAX requests
- Removal of the Transaction Data cookie.
Automatic Transactions detection is typically enabled on only one URL or view per profile.
- On the Main tab, click.The BIG-IP DataSafe screen opens.
- From the list of profiles, select the relevant profile.The DataSafe Profile Properties screen opens.
- In the DataSafe Configuration area, clickURL List.The URL List opens.
- Click the URL or view on which you want to configure Automatic Transactions detection (or clickAdd URLorAdd Viewif you want to define a new URL or view with Automatic Transactions detection).
- In the URL Configuration (or View Configuration) area, selectAutomatic Transactions.The Automatic Transactions configuration options appear.
- Ensure that theEnabledcheck box forAutomatic Transactionsis selected.
- ForCheck for Security Context Integrity, select theEnabledcheck box if you want the system to check for removal of the Transaction Data cookie.
- ClickSave.The configuration settings for the URL are saved and theBIG-IP DataSafeProfile Properties screen opens.
The BIG-IP system is now set to detect automatic transactions and removal of the Transactions Data cookie on the URL or view, and sends an alert if such activity is detected.
After configuring automatic transactions detection on the URL or view, you should do one of the following:
- If the form action in the HTTP request from the web page you created above does not refer to the URL of the web page, you need to also configure a URL for receiving automatic transactions data.
- Otherwise, you should configure data manipulation detection on the URL or view.