Manual Chapter: Securing HTTP Traffic Using the Default System Configuration

Overview: Securing HTTP traffic

With the BIG-IP® Protocol Security Module™ you can configure an HTTP security profile so that it performs the following security checks on HTTP traffic:

  • HTTP protocol compliance validation
  • Evasion technique detection
  • Cross-site scripting (XSS) and SQL injection attack detection (but not prevention)
  • Length checking to help avoid buffer overflow attacks
  • HTTP method validation
  • Inclusion or exclusion of certain files by type
  • Mandatory header enforcement
  • Data masking using Data Guard to protect sensitive data
  • Acceptable response code validation
  • XML data format and well-formedness checks

You can also specify how you want the system to respond when it encounters a violation. If the system detects a violation and you enabled the Block flag for that violation, instead of forwarding the request, the Protocol Security Module can either send a blocking response page or redirect the client to a different location.

Creating an HTTP service profile with security enabled

The easiest method for initiating HTTP protocol security for your HTTP virtual server traffic is to use the system default settings. You do this by enabling protocol security for the system-supplied HTTP service profile, and then associating that service profile with a virtual server.

  1. On the Main tab, click Local Traffic > Profiles > Services > HTTP. The HTTP profile list screen opens.
  2. In the Name column, click http. The Properties screen for the system-supplied HTTP profile opens.
  3. Select the Protocol Security check box to enable HTTP security checks.
  4. Click Update.

You now have a security-enabled service profile that you can associate with a virtual server so that HTTP protocol checks are performed on the traffic that the HTTP virtual server receives.

Reviewing violations statistics for security profiles

Protocol Security Module provides statistics and transaction information for each profile that triggers any of the security violations defined by each service profile. If you enable the Alarm flag for a violation and incoming traffic triggers the violation, the Protocol Security Module logs the request, which you can review on the Statistics screen of the Protocol Security Module. If you enable the Block flag for any of the violations, the Protocol Security Module blocks the request.

  1. On the Main tab, click Protocol Security > Statistics. The Protocol Statistics screen opens listing all violations, organized by protocol, with the number of occurrences.
  2. Enter a Support ID if you have one to filter the violations and view one in particular.
  3. Click a violation's hyperlink to see details about the requests causing the violation. On the Statistics screen, in the left column, you can review information regarding the traffic volume for each security profile configured.