How to quickly protect your Cloudflare CDN with F5 Distributed Cloud Bot Defense

Introduction

F5 Distributed Cloud (XC) Bot Defense can now be easily integrated into the Cloudflare CDN. The connector instantly integrates with XC Bot Defense to help customers improve their bottom line by eliminating automated bot traffic.  XC Bot Defense has the highest long-term efficacy by combining machine learning with human domain experience to ensure sustained near-zero false positives.

In this article, I will outline the steps to start and take advantage of F5 Bot Defense.

Prerequisites:

• An Account on F5 Distributed Cloud Services.
• A Cloudflare CDN is delivering your applications.

F5 Distributed Cloud Steps:

• Log In:

•  Select the Bot Defense Tile

•  Scroll down Selecting Manage > Applications

• Click Add Application

• Provide Name, Label and a Description
• Select the Application Region (US for my demo)
• Select the Connector Type - Cloudflare (Previous articles covered BIG-IP, CloudFront and Custom)

•  Select Configure once Cloudflare is selected as the Connector Type

•  Select Configure under Protected Endpoints

•  On the Protected Endpoints page click Add Item

• Give the Protected Endpoint a Name and Description
• Under Domain Matcher you have the option of Any Domain which will match all domains or you can specify the Domain you are protecting.

• I am using Any Domain
• Next indicate the Path you are protecting; Entry Points and/or Login pages as examples.
• Query Strings
• HTTP Methods - Depending on what you are protecting. (GET, POST, PUT)

•  Select the Client Type (Web Client, Mobile Client or Web and Mobile) again depending on your application. Here I will Select Web Client

• Next you will select the Mitigation action. (Continue, Redirect or Block) - I am selecting Block
  

• Block gives you the ability to indicate Status, Content Type and the displayed Body.
• Click Apply

• This screen shows the Protected Endpoint now configured.
• Next we will Specify the Java Script Insertion Rules
• Click Configure

• The Web Client Java Script Path and name can be configured here.
• The Java Script Location is where the Java Script is inserted on your Web Application.

• Under Java Script Insertion Paths Click Add Item - We will specify where to insert the JS.  You could also configure JS Exclude Paths.
• Give this a Name and Description
• Domain Matcher just as before, can be Any Domain or you can Specify a Domain.
• And finally, the Path (Prefix, Path or Glob) Supply the path to insert the JS.
• Click Apply
• We now have configured the Web Client JS settings.
• If we were configuring mobile application protection we would enable Mobile SDK
• Trusted Client Rules we could specify an IP Prefix and/or HTTP Headers.
• Click Apply
• Click Save and Exit

• This takes us back to our main Applications page.
• Click the three ellipsis to the right.

• Download both the Config file and Worker file to a known location.  We will use these files in the Cloudflare UI.

That is all the configuration needed in F5 Distributed Cloud Console.  We will return to monitor our Application after configuring Cloudflare.

Cloudflare Steps:

• Log In:

•  Navigate down to Workers

From this page, you would either select an existing Service if one existed or Create a Service.  I am showing how to Create a Service.

• Click Create a Service
• Cloudeflare assigns a name.

•  Select HTTP handler
• Then Create Service

 

• Click on your newly created Service

• Click Quick Edit

 

• Notice on the left the code would deploy a worker that returns "Hello World"

But we need to assign the worker to a Website.  Return to the main menu and select Websites.

• We have a Website already configured. Select the preconfigured Website.  We could Add a Site if one was not already configured.

 

• This will take you to the Website Summary Page.

 

• Select Workers Routes on the Left Pane
• Then Click Add Route

• Cloudflare shows the Website Route but it is greyed out.  Type the Route.
• Select the Service you created in the last steps.
• Select the Environment
• Click Save

 

This will return you to the Workers Routes page.  It will show the Service was added to the HTTP Routes.

 

Next we need to test and verify the Worker is returning what we are expecting. Remember above, it should return "Hello World"

• Navigate in a browser to your website.  In this case https://sales.xcbotsdemo.com/  You should get the following return.

This shows our website and worker are working as expected.  Now we will configure our Worker to protect the actual website with F5 Distributed Cloud Bot Defense.

• Navigate back to your Worker and Select Quick Edit.

 

Here we will use the files we downloaded from F5 Distributed Cloud Console.

• The Worker file is the .js file you downloaded.
• The Config file is the .json file you downloaded
• Open both files in the editor of your choice
• Copy the entire contents of the Worker file and replace the contents in the left hand pane

 

 

• Copy the entire contents of the Config file and replace the contents in the left hand pane under XC Configuartion -- "_CONFIG_"
• Click Save and Deploy at the bottom.
  

 

• You will recieve a succesful message if the Worker depoys suceesfully.  If not it returns an error.

• Now is the time to prove all the prior work.
• Navigate back to https://sales.xcbotsdemo.com/  If you have configured everything correcty, you should get your website to return as below.

 

Now I genertated traffic via human browser clicks and then automated commmands that would mimic bot traffic.  I show the results in the F5 Distributed Cloud Bot Defense Overview page.

 

 

Technical Demo:

 

Brightboard Video

 

 

Conclusion:

As you can see, F5 Distributed Cloud Bot Defense protected your Cloudflare hosted application from automated threats.  It allowed normal human browsing but identified and mitigated actions you specified as malicious bots.

Related Links:

https://www.f5.com/cloud

https://www.f5.com/cloud/products/bot-defense