Forum Discussion
Mohammed22_2207
Nimbostratus
NimbostratusHow to Detect and Block a Web Application?
Hi everyone,
I need your experience to help me to solve this issue.
I'm looking for a way to detect and block any requests generated from a web application, but allows all traffics from fro...
Mohammed22_2207Nimbostratus
NimbostratusSorry, I missed one importation point. I'm talking specifically about mobile web application. Browsing the website from mobile done by either by mobile application or regular web browser.
What I'm looking for is how to differentiate between these two agents. User-Agent header is not practical solution for my case. Is there any other way to do it? Is it possible for F5 ASM to discover if it is handling with mobile web application or a browser using some Technics?
Thank you.
daboochmeister
Cirrus
Cirrusis your goal solely to tell if users are accessing via a mobile browser vs. via your app? Because if so, your most straightforward option may be to adjust the mobile app code to insert a cookie into the session, and use an iRule or LTM policy to check for that cookie in the session. How important is it that your results be 100% correct? If so, that cookie approach can be "hardened" to be very difficult to spoof by maintaining e.g. a table of valid cookies (and making the cookie value hard to predict/replicate).
The ASM approaches mentioned can be quite sophisticated, but from my understanding aren't 100%. That may be fine for your situation .
