This article describes the PingIntelligence and F5 BIG-IP solution deployment for securing APIs. The integration identifies and automatically blocks cyber attacks on APIs, exposes active APIs, and provides detailed reporting on all API activity.
PingIntelligence is deployed in a side-band configuration with F5 BIG-IP. A PingIntelligence policy is installed in F5 BIG-IP and passes API metadata to PingIntelligence for detailed API activity reporting and attack detection with optional client blocking. PingIntelligence software includes support for reporting and attack detection based on usernames captured from JSON Web Tokens (JWTs).
Following is a description of the traffic flow through F5 BIG-IP and PingIntelligence API Security Enforcer (ASE):
The client sends an incoming request to F5 BIG-IP.
F5 BIG-IP makes an API call to send the request metadata to ASE.
ASE checks the request against a registered set of APIs and looks for the origin IP, cookie, OAuth2 token, or API key in the blacklist generated by the PingIntelligence AI engine. If all checks pass, ASE returns a 200-OK response to F5 BIG-IP. If not, a different response code is sent to F5 BIG-IP. The request information is also logged by ASE and sent to the AI engine for processing.
If F5 BIG-IP receives a 200-OK response from ASE, it forwards the request to the backend server pool. A request is blocked only when ASE sends a 403 error code.
The response from the backend server pool is received by F5 BIG-IP.
F5 BIG-IP makes a second API call to pass the response information to ASE, which sends the information to the AI engine for processing.
ASE receives the response information and sends a 200-OK to F5 BIG-IP.
F5 BIG-IP sends the response received from the backend server to the client.
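The flow above can be modelled in a few lines to show the gateway's decision rule. This is an added example, not the PingIntelligence policy code or ASE's API: mockAse, handleRequest, the metadata field names, and the blacklist entries are all hypothetical, and the mock models only the blacklist check, not the registered-API check.

```javascript
// Added illustration of the side-band flow; not PingIntelligence code.
// All names and the metadata fields are hypothetical.

// Constructed blacklist standing in for the one the AI engine generates.
const blacklist = {
  ip: new Set(['203.0.113.7']),
  cookie: new Set(),
  token: new Set(['tok-revoked']),
  apiKey: new Set(),
};

// Mock ASE: logs every side-band call it receives. For request metadata it
// returns 403 when any identifier is blacklisted and 200 otherwise; for
// response metadata it always acknowledges with 200.
function mockAse(log) {
  return (kind, meta) => {
    log.push(`${kind}:${meta.path}`);
    if (kind === 'response') return 200;
    const hit = Object.keys(blacklist).some((k) => blacklist[k].has(meta[k]));
    return hit ? 403 : 200;
  };
}

// Gateway side: first side-band call, decision, backend call, second
// side-band call. The request is blocked only when ASE answers 403.
function handleRequest(meta, ase, backend) {
  const aseStatus = ase('request', meta);
  if (aseStatus === 403) {
    return { blocked: true, status: 403, aseStatus };
  }
  const res = backend(meta); // forward to the backend server pool
  ase('response', { path: meta.path, status: res.status });
  return { blocked: false, status: res.status, aseStatus };
}

// Constructed sample run.
const sampleLog = [];
const sampleResult = handleRequest(
  { path: '/shop', ip: '203.0.113.7', token: 'tok-ok' },
  mockAse(sampleLog),
  () => ({ status: 200 })
);
console.log(sampleResult, sampleLog);
```

Because only a 403 blocks, any other ASE status in this model results in the request being forwarded to the backend.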
The BIG-IP system must be running TMOS v18.104.22.168 or a higher version.
Download the PingIntelligence policy from the download site.
Step-1: Import and Configure PingIntelligence Policy
Log in to your F5 BIG-IP web UI and navigate to Local Traffic > iRules > LX Workspaces.
On the LX Workspaces page, click on the Import button.
Enter a Name and choose the PingIntelligence policy that you downloaded from the Ping Identity download site. Then, click on the Import button.
This creates an LX workspace.
Open the Workspace by clicking on the name. The policy is pre-loaded with an extension named oi_ext. Edit the ASE configuration by clicking on the ASEConfig.js file. It opens the PingIntelligence policy in the editor: