Technical Articles
F5 SMEs share good practice.
cancel
Showing results for 
Search instead for 
Did you mean: 
Custom Alert Banner
Ted_Byerly
Legacy Employee
Legacy Employee

Introduction:

The F5 Distributed Cloud (XC) Bot Defense protects web and mobile properties from automated attacks by identifying and mitigating malicious bots. The Bot Defense uses JavaScript and API calls to collect telemetry and mitigate malicious users.

The F5 Distributed Cloud (XC) Bot Defense is available in Standard and Enterprise service levels. In both the service levels the Bot Defense is available for traffic form web, web scarping, and mobile. The web scrapping is only applicable to web endpoints.

This article will show you how to configure and use F5 Distributed Cloud Bot Defense (XC Bot Defense) on BIG-IP version 17.1 and above and monitor the solution on F5 Distributed Cloud Console (XC Console).

Prerequisites:

Getting Started:

Log In to F5 XC Console:

msdk_login.png

If XC Bot Defense isn't enabled, a Bot Defense landing page appears. Select Request Service to enable XC Bot Defense.

If XC Bot Defense is enabled, you will see the tiles.  Select Bot Defense.

BD_Tile.png

Verify you are in the correct Namespace.  If your Namespace does not have any Protected Applications you will see the following page.

  • Click Add Protected Application

Screenshot 2023-02-15 at 7.31.30 PM.png

 When you select a Namespace that has been configured with Protected Applications you will see this page.

BD_Namespace.png

 Scroll down to Manage

  • Click Applications
  • Click Add Application

BD_AddApp.png

The Protected Application page is presented.

Enter:

  • Name
  • Labels
  • Description
  • Select the Application Region - US in this example
  • Connector Type - BIG-IP iApp for this demo. Cloudfront and Custom are other available connectors

BD_AddApp_Detailed.png

 Scroll to the bottom and Click Save and Exit

That will take you back to the Protected Applications Page.

  • Verify your Application is listed with all the Metadata you supplied.
  • Click the three ellipses to the right.

BD_App_Finished.png

 Scroll down into the highlighted area and click and Copy App ID, Tenant ID and API Key

Screenshot 2023-02-15 at 2.10.53 PM.png

Copy and save each value to a location where you can access it in the next steps.

That completes the configuartion of F5 XC Console.

Log In to your BIG-IP

Screen Shot 2022-07-14 at 2.57.52 PM.png

You will Notice in version 17.1 and above you will have a new selection along the left pane called Distributed Cloud Services.  Expand and you will see all the latest integrations F5 provides.

  • Application Traffic Insight
  • Bot Defense
  • Client-Side Defense
  • Account Protection & Authentication Intelligence
  • Cloud Services

Screenshot 2023-02-13 at 9.21.59 AM.png

This article as stated before will focus on Bot Defense.  Look for future articles that will focus on the other integrations.

On the Main tab, Click Distributed Cloud Services > Bot Defense > Bot Profiles and Select Create

Screenshot 2023-02-15 at 8.39.19 PM.png

This will bring up the General Properties page where you will enter required and optional information.

Mandatory items have a Blue line on the edge.

  • Supply a Name
  • Application ID - From previous step
  • Tenant ID - From previous step
  • API Hostname - Web is filled in for you
  • API Key - from previous step

Screenshot 2023-02-15 at 8.41.57 PM.png

 

In the JS Injection Configuration section, the BIG-IP Handles JS Injectionsfield is checked by default, if you uncheck the field then follow the Note given in the Web UI.

Protected Endpoint(s) - Web - Supply either the URI or IP of the Host Application along with the path and method you are protecting on the protected endpoint.

In the following image, I have selected Advanced to show more detail of what is available.  Again Mandatory fields have a blue indicator.  Here the Protection Pool and SSL Profile.

Screenshot 2023-02-16 at 12.02.22 PM.png

Click Finished when complete.

One final step to complete the setup.

Go to the Main tab, Local Traffic > Virtual Servers > Virtual Serves List

Screenshot 2023-02-16 at 12.07.17 PM.png

 Select the Virtual Server you are going to apply the Bot Defense profile to. Click on Distributed Cloud Services on the top banner

Under Service Settings > Bot Defense set to Enable and then select the Bot Defense Profile you created in the above steps.  The click Update.

Screenshot 2023-02-16 at 12.20.54 PM.png

 You have now sucessfully integrated BIG-IP Distributed Cloud Service on version 17.1  with F5 Distributed Coud Bot Defense.

One final visual is the dashboard for F5 Distributed Cloud Bot Defense.  This is where you will observe and monitor what bots and actions have been  taken against bots and your protected applications.

Screenshot 2023-02-16 at 12.54.26 PM.png

 

Screenshot 2023-02-16 at 12.54.48 PM.png

Conclusion:

I hope you were able to benefit from this tutorial.  I was able to show how quickly and easlity it is to configure F5 Dsitributed Cloud Bot Defense on BIG-IP v17.1 using the built in Distributed Cloud Services integration.

Related Links:

https://www.f5.com/cloud

https://www.f5.com/cloud/products/bot-defense

BIG-IP Bot Defense on 14.x-16.x 

Comments

Nice! Cloud Sandboxing/Malware Scanning for files will be a great edition to the feature list.

Aapazmino1986
Nimbostratus
Nimbostratus

Hi F5ers, plz.. do you know if is mandatory for hybrid environment with my big ip VE on premise for integration towards F5 XC, that big ip ve be in version 17.0.x or later?. or is possible work on 16.x.x or less.. Best practices? Suggestions?.. Thanks.. B.R

Version history
Last update:
‎10-Apr-2023 12:35
Updated by:
Contributors