on 30-Mar-2021 10:26 - edited on 05-Jun-2023 23:03 by JimmyPackets
This article describes the PingIntelligence and F5 BIG-IP solution deployment for securing APIs. The integration identifies and automatically blocks cyber attacks on APIs, exposes active APIs, and provides detailed reporting on all API activity.
PingIntelligence is deployed in a side-band configuration with F5 BIG-IP. A PingIntelligence policy installed in F5 BIG-IP passes API metadata to PingIntelligence for detailed API activity reporting and attack detection with optional client blocking. PingIntelligence software also supports reporting and attack detection based on usernames captured from JSON Web Tokens (JWTs).
Following is a description of the traffic flow through F5 BIG-IP and PingIntelligence API Security Enforcer (ASE):
1. The client sends an incoming request to F5 BIG-IP.
2. F5 BIG-IP makes an API call to send the request metadata to ASE.
3. ASE checks the request against a registered set of APIs and looks for the origin IP, cookie, OAuth2 token, or API key in the blacklist generated by the PingIntelligence AI engine. If all checks pass, ASE returns a 200-OK response to F5 BIG-IP. If not, it sends a different response code. ASE also logs the request information and sends it to the AI engine for processing.
4. When F5 BIG-IP receives a 200-OK response from ASE, it forwards the request to the backend server pool. A request is blocked only when ASE sends a 403 error code.
5. F5 BIG-IP receives the response from the backend server pool.
6. F5 BIG-IP makes a second API call to pass the response information to ASE, which sends the information to the AI engine for processing.
7. ASE receives the response information and sends a 200-OK to F5 BIG-IP.
8. F5 BIG-IP sends the response received from the backend server to the client.
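The flow above can be modelled in a few lines to see which requests reach the backend and what the AI engine receives. This is an added illustration, not PingIntelligence or F5 code: `MockASE`, `bigip_handle`, `OTHER_FAILURE` and the sample identifiers are hypothetical, and which failed check yields which non-403 code is an assumption.

```python
# Added model of the side-band flow; class and function names are hypothetical.
from dataclasses import dataclass, field

OTHER_FAILURE = 400  # placeholder: the article only says "a different response code"

@dataclass
class Request:
    path: str
    origin_ip: str
    cookie: str = ""
    oauth2_token: str = ""
    api_key: str = ""

@dataclass
class MockASE:
    registered_apis: set   # path prefixes of registered APIs (constructed)
    blacklist: set         # identifiers flagged by the AI engine (constructed)
    ai_engine_feed: list = field(default_factory=list)

    def check_request(self, req):
        """Steps 2-3: log the metadata, then return ASE's verdict code."""
        self.ai_engine_feed.append(("request", req.path, req.origin_ip))
        ids = {req.origin_ip, req.cookie, req.oauth2_token, req.api_key} - {""}
        if ids & self.blacklist:
            return 403
        if not any(req.path.startswith(p) for p in self.registered_apis):
            return OTHER_FAILURE  # assumed mapping for an unregistered API
        return 200

    def record_response(self, req, status):
        """Steps 6-7: pass response metadata on, acknowledge with 200."""
        self.ai_engine_feed.append(("response", req.path, status))
        return 200

def bigip_handle(req, ase, backend):
    """Steps 1-8 as seen by BIG-IP; returns the (status, body) the client gets."""
    if ase.check_request(req) == 403:   # the only verdict that blocks
        return 403, "blocked by policy"
    status, body = backend(req)         # steps 4-5: forward to the server pool
    ase.record_response(req, status)    # steps 6-7: second side-band call
    return status, body                 # step 8

def demo():
    ase = MockASE({"/shop"}, {"203.0.113.9", "tok-stolen"})  # constructed data
    reqs = [Request("/shop/items", "198.51.100.7"),
            Request("/shop/items", "198.51.100.8", oauth2_token="tok-stolen"),
            Request("/legacy/v1", "198.51.100.7")]
    return [bigip_handle(r, ase, lambda r: (200, "ok")) for r in reqs], ase.ai_engine_feed
```

The third constructed request fails a check but still reaches the backend, because only a 403 blocks. The blocked request produces no response entry in the AI engine feed.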
The BIG-IP system must be running TMOS v184.108.40.206 or higher.