The API Security Paradox: F5 Distributed Cloud Bot Defense Connector for BIG-IP walkthrough

Introduction 

In our 1^st article in this series, The API Security Paradox: When Automation Becomes Both Solution and Threat, we went through how API security and Bot Defense come hand-in-hand. Automated threats have evolved from simple scrapers to sophisticated botnets capable of mimicking human behavior with alarming accuracy.

Then we showed how F5 Distributed Cloud Bot Connector can be seamlessly added to enhance your WAAP solution through The API Security Paradox: Technical walkthrough F5 Distributed Cloud API security and Bot Defense​ 

In this article, we are exploring how to use F5 Distributed Cloud Connector to use BIG-IP along with F5 Distributed Cloud Bot Defense.

 

Technical walkthrough 

Let's go through the steps to enable the connector and observe how we can smoothly leverage our existing BIG-IP installation. 

F5 Distributed Cloud 

1. Log on to the Distributed Cloud Console. From the Dashboard page, click Bot Defense.
2. Verify that you are in the correct namespace. For information about namespaces, see 
3. Click Manage > Applications and then click Add Application.
4. Add a Name and Description for the protected application.
5. Select the Application Region where the origin server for the new protected application resides: US, EU, Asia.
6. From the Connector Type drop-down list, select the proper template for our BIG-IP installation (In our case, F5 BIG-IP (v17.0 or greater))
7. Click Add Protected Application.

Before going for BIG-IP configurations section, make sure you have copied some information from F5 Distributed Cloud. 

 

BIG-IP Configurations 

Once we have our application created at F5 Distributed Cloud Bot Defense console and our items are copied. 

Let's create our connector at BIG-IP,

1. On the Main tab, click Distributed Cloud Services > Bot Defense > BD Profiles.

2. Click the Create button, The New BD Profile screen opens. 

3. In the General Properties section, enter the following details:
   1. In the Profile Name field, enter a unique name for the Bot Defense profile.
   2. In the Parent Profile field, select the Bot Defense parent profile from which this profile will inherit settings.
   3. For the Service Level field, select Standard.
   4. For the Application Type field, check Web.

 

  4. In the JS Insertion Configuration section, the BIG-IP Handles JS Injections field is checked by default.

   5. Add the protected endpoints, Mitigation action and Block response. 

Once done, you can apply the BD profile to the virtual server you need to protect. 

Traffic now will flow through BIG-IP to the protected application. BIG-IP will insert the JavaScript that collects and communicates the analytics, allowing Bot defense to apply the required protection level. 

Inspecting traffic to the application from the browser, you will notice the injection of the JavaScript. 

And we can observe the F5 Distributed Cloud Bot Defense dashboard, showing the analytics and actions taken. 

 

Conclusion 

As we saw in this article and the previous one, F5 Distributed Cloud Bot Defense can be integrated smoothly into your application, whether via F5 Distributed Cloud or through integration with several connectors. 

This enhance and simplify application delivery and security efforts across the organization, but maintaining the focus on proper application innovation and having a single pane of glass for your WAAP solution.

 

Related Content 

• Ridiculously Easy Bot Protection: How to Use BIG-IP APM to Streamline Bot Defense Implementation | DevCentral 
• F5 Distributed Cloud Bot Defense on BIG-IP 17.1 
• F5 Distributed Cloud Bot Defense 
• Bot Defense Overview 
• Enable on BIG-IP v17.0 or later