Follow

Validate Shape Defense Web Integration

Description

  • This article will provide steps to validate your Shape Defense website integration. 
  • How do you confirm the JS is being injected into the site?

Return to Integrating Shape Defense

 

Environment

  • Shape Defense for Web

Procedure

For all the tests below, spoof your local host file to the Silverline generated CNAME. For more information, see How to Test the Silverline Proxy Using 'hosts' File on Windows PC

 

Test Case 1: Shape JS is inserted on every HTML page

1. Open an incognito window and open the Network tab in Developer tools

2. Filter for the JS tag and inspect the network requests. 

3. Navigate to your website.

4. There will be a total of 3 requests with the following query string parameters, ?matcher, ?cache, ?async

5. Click on the ?matcher JS and look at the response. The response should define all the protected URL patterns that you have configured in your Shape Defense Protected URL configuration. This is how Shape JS knows which URLs to decorate.

 

Screen_Shot_2021-03-12_at_2.07.44_PM.png

 

Test Case 2: Shape telemetry attached to protected endpoint

Shape will inject JavaScript on every path on the proxy's configured FQDN but will only enable protection for the protected URLs that are explicitly defined in the portal.

1. Open Network tab in Developer tools

2. Filter the POST request

3. Navigate through the flow to hit the protected URLs

4. Verify that the Shape headers are seen as part of Headers or Form body

5. Verify that the traffic is marked as Human on the Shape Defense Summary UI. View transactions in Shape Defense Summary dashboard

 

Screen_Shot_2021-02-10_at_1.39.59_PM.png

 

 

If either of the tests above fail, investigate the root cause, or contact Silverline SOC  (support@f5silverline.com).

 

Related Content

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request