I have mobile app and I want to integrate it with WAF , the app using api and the server ip is used in api url ex: https://x.x.x.x/api , there is no domain name used. So I have assign public IP in virtual server , and replace server ip from api to public ip , so now the server ip in pool ..
I was thinking when open mobile app it will hit the api (that contain public ip) and from WAF the VS will reach the pool (server ip) but this does not works.
The app does not work and there is no hit or traffic in WAF .
Any idea ? is there any thing missing?
Not sure which app you are using and need to understand application traffic flow. API security (WAF/AWAF) play key role here. So, F5 consultant may help to optimize configuration based on your need.
Actually I have test that with ASM (not blocking mode) , but I noticed that the public ip does not reach the backend server. Cuz the first page in app is a login page, when I try to enter my user and pass there is a message show "user name or pass not correct" this is when the public ip placed in api url . But when i replace public ip with the backend ip in api url the app works fine.
The idea from adding public ip in api url is to pass traffic through WAF and that public ip should reach the backend ip . I don't know of this the way doing that or not.
Sorry, I am not sure, that I fully understand your use case. Could you provide some examples of request - what you send and what you expect?
I understand, that you want to protect your mobile APP with WAF, but again - does this configuration work without WAF? Could you check it? It will help us better to understand on what side we have an issue.
without WAF it is working fine since the server ip is placed in api url..
my scenario is , i want to protect my application with WAF , i follow the normal process i have create virtual server , node, pool , policy ..
i have assign public ip in virtual server , placed server ip in node and assign it to pool , then assign pool to virtual server with policy, and the change i did i have replace server ip with public ip in api url ex:
old api url : https://10.x.x.x/api
new api url : https://82.x.x.x/api
82.x.x.x : it is the public ip in virtual server.
but this scenario does not work.
the app idea , is you have to login then you can request for annual leave .
but when i start the integration with WAF , when i try to access the app by enter username and password it show error and can not verify user/password.
and there is no block in WAF block mode not applied . so i think because i placed public ip in api url and that is why can not reach server.
So, now you have VS with public api with WAF. Right?
So, now you have VS with public api with WAF. Right? yes
but if i try to access the api url through browser ex : https://82.x.x.x/api , i can see traffic in event log but with mobile application no traffic is showing.
OK, it seems I got you...
If you want to protect your mobile application with WAF policy, then:
For additional protection you can integrate Anti-Bot Mobile SDK into your application.