Leverage BIG-IP 17.1 Distributed Cloud Services to Integrate F5 Distributed Cloud Bot Defense
Introduction:
The F5 Distributed Cloud (XC) Bot Defense protects web and mobile properties from automated attacks by identifying and mitigating malicious bots. The Bot Defense uses JavaScript and API calls to collect telemetry and mitigate malicious users.
The F5 Distributed Cloud (XC) Bot Defense is available in Standard and Enterprise service levels. In both the service levels the Bot Defense is available for traffic form web, web scarping, and mobile. The web scrapping is only applicable to web endpoints.
This article will show you how to configure and use F5 Distributed Cloud Bot Defense (XC Bot Defense) on BIG-IP version 17.1 and above and monitor the solution on F5 Distributed Cloud Console (XC Console).
Prerequisites:
- A valid XC Console account. If you don't have an account, visit Create a Distributed Cloud Console Account.
- An Organization plan. If you don't have an Organization plan, upgrade your plan.
Getting Started:
Log In to F5 XC Console:
If XC Bot Defense isn't enabled, a Bot Defense landing page appears. Select Request Service to enable XC Bot Defense.
If XC Bot Defense is enabled, you will see the tiles. Select Bot Defense.
Verify you are in the correct Namespace. If your Namespace does not have any Protected Applications you will see the following page.
- Click Add Protected Application
When you select a Namespace that has been configured with Protected Applications you will see this page.
Scroll down to Manage
- Click Applications
- Click Add Application
The Protected Application page is presented.
Enter:
- Name
- Labels
- Description
- Select the Application Region - US in this example
- Connector Type - BIG-IP iApp for this demo. Cloudfront and Custom are other available connectors
Scroll to the bottom and Click Save and Exit
That will take you back to the Protected Applications Page.
- Verify your Application is listed with all the Metadata you supplied.
- Click the three ellipses to the right.
Scroll down into the highlighted area and click and Copy App ID, Tenant ID and API Key
Copy and save each value to a location where you can access it in the next steps.
That completes the configuartion of F5 XC Console.
Log In to your BIG-IP
You will Notice in version 17.1 and above you will have a new selection along the left pane called Distributed Cloud Services. Expand and you will see all the latest integrations F5 provides.
- Application Traffic Insight
- Bot Defense
- Client-Side Defense
- Account Protection & Authentication Intelligence
- Cloud Services
This article as stated before will focus on Bot Defense. Look for future articles that will focus on the other integrations.
On the Main tab, Click Distributed Cloud Services > Bot Defense > Bot Profiles and Select Create
This will bring up the General Properties page where you will enter required and optional information.
Mandatory items have a Blue line on the edge.
- Supply a Name
- Application ID - From previous step
- Tenant ID - From previous step
- API Hostname - Web is filled in for you
- API Key - from previous step
In the JS Injection Configuration section, the BIG-IP Handles JS Injectionsfield is checked by default, if you uncheck the field then follow the Note
Protected Endpoint(s) - Web - Supply either the URI or IP of the Host Application along with the path and method you are protecting on the protected endpoint.
In the following image, I have selected Advanced to show more detail of what is available. Again Mandatory fields have a blue indicator. Here the Protection Pool and SSL Profile.
Click Finished when complete.
One final step to complete the setup.
Go to the Main tab, Local Traffic > Virtual Servers > Virtual Serves List
Select the Virtual Server you are going to apply the Bot Defense profile to. Click on Distributed Cloud Services on the top banner
Under Service Settings > Bot Defense set to Enable and then select the Bot Defense Profile you created in the above steps. The click Update.
You have now sucessfully integrated BIG-IP Distributed Cloud Service on version 17.1 with F5 Distributed Coud Bot Defense.
One final visual is the dashboard for F5 Distributed Cloud Bot Defense. This is where you will observe and monitor what bots and actions have been taken against bots and your protected applications.
Conclusion:
I hope you were able to benefit from this tutorial. I was able to show how quickly and easlity it is to configure F5 Dsitributed Cloud Bot Defense on BIG-IP v17.1 using the built in Distributed Cloud Services integration.
Related Links:
Nice! Cloud Sandboxing/Malware Scanning for files will be a great edition to the feature list.
- Aapazmino1986Altostratus
Hi F5ers, plz.. do you know if is mandatory for hybrid environment with my big ip VE on premise for integration towards F5 XC, that big ip ve be in version 17.0.x or later?. or is possible work on 16.x.x or less.. Best practices? Suggestions?.. Thanks.. B.R
- Evan_CharlesEmployee
Hi - In your intro, would it be possible to include a diagram illustrating traffic flows between Clients, F5 XC, BIG-IP and Servers? For those new to XC, it is not immediately obvious what this solution achieves.