Forum Discussion

THE_BLUE's avatar
THE_BLUE
Icon for Cirrostratus rankCirrostratus
Apr 29, 2020

Integrate mobile application with WAF

I have mobile app and I want to integrate it with WAF , the app using api and the server ip is used in api url ex: https://x.x.x.x/api , there is no domain name used. So I have assign public IP in v...
application delivery
ASM Advanced WAF
devops
irule
LTM
THE_BLUE's avatar
THE_BLUE
Icon for Cirrostratus rankCirrostratus
May 02, 2020

Actually I have test that with ASM (not blocking mode) , but I noticed that the public ip does not reach the backend server. Cuz the first page in app is a login page, when I try to enter my user and pass there is a message show "user name or pass not correct" this is when the public ip placed in api url . But when i replace public ip with the backend ip in api url the app works fine.

 

The idea from adding public ip in api url is to pass traffic through WAF and that public ip should reach the backend ip . I don't know of this the way doing that or not.

 

Thanks

Ivan_Chernenkii's avatar
Ivan_Chernenkii
Icon for Employee rankEmployee
May 19, 2020

OK, it seems I got you...

 

If you want to protect your mobile application with WAF policy, then:

  1. You need to configure Mobile Application at Bot profile (starting from v14.1.0) or at DOS profile (starting from v13.1.0 to v14.1.0).
  2. You need to attach this profile to the Virtual Server with WAF policy.

 

For additional protection you can integrate Anti-Bot Mobile SDK into your application.

 

Thanks, Ivan