Manual Chapter : Detecting Automatic Transactions on a URL or view

Applies To:

Show Versions Show Versions

BIG-IP ASM

  • 17.1.0, 17.0.0, 16.1.5, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0
Manual Chapter

Detecting Automatic Transactions on a URL or view

Use Automatic Transactions detection to check for the following types of malware activity on the web site of a URL:
  • Data manipulation in URL parameters.
  • Data manipulation in all AJAX requests
  • Removal of the Transaction Data cookie.
Automatic Transactions detection is typically enabled on only one URL or view per profile.
  1. On the Main tab, click
    Security
    Data Protection
    BIG-IP DataSafe
    .
    The BIG-IP DataSafe screen opens.
  2. From the list of profiles, select the relevant profile.
    The DataSafe Profile Properties screen opens.
  3. In the DataSafe Configuration area, click
    URL List
    .
    The URL List opens.
  4. Click the URL or view on which you want to configure Automatic Transactions detection (or click
    Add URL
    or
    Add View
    if you want to define a new URL or view with Automatic Transactions detection).
  5. In the URL Configuration (or View Configuration) area, select
    Automatic Transactions
    .
    The Automatic Transactions configuration options appear.
  6. Ensure that the
    Enabled
    check box for
    Automatic Transactions
    is selected.
  7. For
    Check for Security Context Integrity
    , select the
    Enabled
    check box if you want the system to check for removal of the Transaction Data cookie.
  8. Click
    Save
    .
    The configuration settings for the URL are saved and the
    BIG-IP DataSafe
    Profile Properties screen opens.
The BIG-IP system is now set to detect automatic transactions and removal of the Transactions Data cookie on the URL or view, and sends an alert if such activity is detected.
After configuring automatic transactions detection on the URL or view, you should do one of the following:
  • If the form action in the HTTP request from the web page you created above does not refer to the URL of the web page, you need to also configure a URL for receiving automatic transactions data.
  • Otherwise, you should configure data manipulation detection on the URL or view.