Leverage BIG-IP 17.1 Distributed Cloud Services to Integrate F5 Distributed Cloud Bot Defense

Introduction:

The F5 Distributed Cloud (XC) Bot Defense protects web and mobile properties from automated attacks by identifying and mitigating malicious bots. The Bot Defense uses JavaScript and API calls to collect telemetry and mitigate malicious users.

The F5 Distributed Cloud (XC) Bot Defense is available in Standard and Enterprise service levels. In both the service levels the Bot Defense is available for traffic form web, web scarping, and mobile. The web scrapping is only applicable to web endpoints.

This article will show you how to configure and use F5 Distributed Cloud Bot Defense (XC Bot Defense) on BIG-IP version 17.1 and above and monitor the solution on F5 Distributed Cloud Console (XC Console).

Prerequisites:

Getting Started:

Log In to F5 XC Console:

If XC Bot Defense isn't enabled, a Bot Defense landing page appears. Select Request Service to enable XC Bot Defense.

If XC Bot Defense is enabled, you will see the tiles.  Select Bot Defense.

Verify you are in the correct Namespace.  If your Namespace does not have any Protected Applications you will see the following page.

  • Click Add Protected Application

 When you select a Namespace that has been configured with Protected Applications you will see this page.

 Scroll down to Manage

  • Click Applications
  • Click Add Application

The Protected Application page is presented.

Enter:

  • Name
  • Labels
  • Description
  • Select the Application Region - US in this example
  • Connector Type - BIG-IP iApp for this demo. Cloudfront and Custom are other available connectors

 Scroll to the bottom and Click Save and Exit

That will take you back to the Protected Applications Page.

  • Verify your Application is listed with all the Metadata you supplied.
  • Click the three ellipses to the right.

 Scroll down into the highlighted area and click and Copy App ID, Tenant ID and API Key

Copy and save each value to a location where you can access it in the next steps.

That completes the configuartion of F5 XC Console.

Log In to your BIG-IP

You will Notice in version 17.1 and above you will have a new selection along the left pane called Distributed Cloud Services.  Expand and you will see all the latest integrations F5 provides.

  • Application Traffic Insight
  • Bot Defense
  • Client-Side Defense
  • Account Protection & Authentication Intelligence
  • Cloud Services

This article as stated before will focus on Bot Defense.  Look for future articles that will focus on the other integrations.

On the Main tab, Click Distributed Cloud Services > Bot Defense > Bot Profiles and Select Create

This will bring up the General Properties page where you will enter required and optional information.

Mandatory items have a Blue line on the edge.

  • Supply a Name
  • Application ID - From previous step
  • Tenant ID - From previous step
  • API Hostname - Web is filled in for you
  • API Key - from previous step

 

In the JS Injection Configuration section, the BIG-IP Handles JS Injectionsfield is checked by default, if you uncheck the field then follow the Note given in the Web UI.

Protected Endpoint(s) - Web - Supply either the URI or IP of the Host Application along with the path and method you are protecting on the protected endpoint.

In the following image, I have selected Advanced to show more detail of what is available.  Again Mandatory fields have a blue indicator.  Here the Protection Pool and SSL Profile.

Click Finished when complete.

One final step to complete the setup.

Go to the Main tab, Local Traffic > Virtual Servers > Virtual Serves List

 Select the Virtual Server you are going to apply the Bot Defense profile to. Click on Distributed Cloud Services on the top banner

Under Service Settings > Bot Defense set to Enable and then select the Bot Defense Profile you created in the above steps.  The click Update.

 You have now sucessfully integrated BIG-IP Distributed Cloud Service on version 17.1  with F5 Distributed Coud Bot Defense.

One final visual is the dashboard for F5 Distributed Cloud Bot Defense.  This is where you will observe and monitor what bots and actions have been  taken against bots and your protected applications.

 

Conclusion:

I hope you were able to benefit from this tutorial.  I was able to show how quickly and easlity it is to configure F5 Dsitributed Cloud Bot Defense on BIG-IP v17.1 using the built in Distributed Cloud Services integration.

Related Links:

https://www.f5.com/cloud

https://www.f5.com/cloud/products/bot-defense

BIG-IP Bot Defense on 14.x-16.x 

Updated Apr 10, 2023
Version 3.0
application delivery
cloud
F5 Distributed Cloud
security
series-f5-distributed-cloud
Verified Designs

Was this article helpful?

3 Comments

Sort By
  • Nikoolayy1's avatar
    Nikoolayy1
    Icon for MVP rankMVP
    Mar 27, 2023

    Nice! Cloud Sandboxing/Malware Scanning for files will be a great edition to the feature list.

  • Aapazmino1986's avatar
    Aapazmino1986
    Icon for Altostratus rankAltostratus
    Apr 24, 2023

    Hi F5ers, plz.. do you know if is mandatory for hybrid environment with my big ip VE on premise for integration towards F5 XC, that big ip ve be in version 17.0.x or later?. or is possible work on 16.x.x or less.. Best practices? Suggestions?.. Thanks.. B.R

  • Evan_Charles's avatar
    Evan_Charles
    Icon for Employee rankEmployee
    Feb 07, 2024

    Hi - In your intro, would it be possible to include a diagram illustrating traffic flows between Clients, F5 XC, BIG-IP and Servers? For those new to XC, it is not immediately obvious what this solution achieves.