series-bot-management
19 Topics

How to quickly protect your Cloudflare CDN with F5 Distributed Cloud Bot Defense
Introduction

F5 Distributed Cloud (XC) Bot Defense can now be easily integrated into the Cloudflare CDN. The connector instantly integrates with XC Bot Defense to help customers improve their bottom line by eliminating automated bot traffic. XC Bot Defense has the highest long-term efficacy by combining machine learning with human domain experience to ensure sustained near-zero false positives. In this article, I will outline the steps to start and take advantage of F5 Bot Defense.

Prerequisites:
An account on F5 Distributed Cloud Services.
A Cloudflare CDN is delivering your applications.

F5 Distributed Cloud Steps:
Log in.
Select the Bot Defense tile.
Scroll down and select Manage > Applications.
Click Add Application.
Provide a Name, Label and Description.
Select the Application Region (US for my demo).
Select the Connector Type - Cloudflare. (Previous articles covered BIG-IP, CloudFront and Custom.)
Select Configure once Cloudflare is selected as the Connector Type.
Select Configure under Protected Endpoints.
On the Protected Endpoints page click Add Item.
Give the Protected Endpoint a Name and Description.
Under Domain Matcher you have the option of Any Domain, which will match all domains, or you can specify the Domain you are protecting. I am using Any Domain.
Next indicate the Path you are protecting; Entry Points and/or Login pages as examples.
Query Strings
HTTP Methods - depending on what you are protecting (GET, POST, PUT).
Select the Client Type (Web Client, Mobile Client or Web and Mobile), again depending on your application. Here I will select Web Client.
Next you will select the Mitigation action (Continue, Redirect or Block). I am selecting Block. Block gives you the ability to indicate Status, Content Type and the displayed Body.
Click Apply.
This screen shows the Protected Endpoint now configured.
Next we will specify the JavaScript Insertion Rules. Click Configure.
The Web Client JavaScript Path and name can be configured here.
The JavaScript Location is where the JavaScript is inserted on your Web Application.
Under JavaScript Insertion Paths click Add Item. We will specify where to insert the JS. You could also configure JS Exclude Paths.
Give this a Name and Description.
Domain Matcher, just as before, can be Any Domain or you can specify a Domain.
And finally, the Path (Prefix, Path or Glob). Supply the path to insert the JS.
Click Apply.
We now have configured the Web Client JS settings.
If we were configuring mobile application protection we would enable Mobile SDK.
Trusted Client Rules: we could specify an IP Prefix and/or HTTP Headers.
Click Apply.
Click Save and Exit.
This takes us back to our main Applications page. Click the ellipsis (three dots) to the right.
Download both the Config file and Worker file to a known location. We will use these files in the Cloudflare UI.
That is all the configuration needed in F5 Distributed Cloud Console. We will return to monitor our Application after configuring Cloudflare.

Cloudflare Steps:
Log in.
Navigate down to Workers.
From this page, you would either select an existing Service if one existed or Create a Service. I am showing how to Create a Service.
Click Create a Service.
Cloudflare assigns a name.
Select HTTP handler.
Then Create Service.
Click on your newly created Service.
Click Quick Edit.
Notice on the left the code would deploy a worker that returns "Hello World". But we need to assign the worker to a Website.
Return to the main menu and select Websites.
We have a Website already configured. Select the preconfigured Website. We could Add a Site if one was not already configured.
This will take you to the Website Summary Page.
Select Workers Routes on the left pane.
Then click Add Route.
Cloudflare shows the Website Route but it is greyed out. Type the Route.
Select the Service you created in the last steps.
Select the Environment.
Click Save.
This will return you to the Workers Routes page. It will show the Service was added to the HTTP Routes.
Next we need to test and verify the Worker is returning what we are expecting. Remember, above, it should return "Hello World".
Navigate in a browser to your website. In this case https://sales.xcbotsdemo.com/
You should get the following return. This shows our website and worker are working as expected.

Now we will configure our Worker to protect the actual website with F5 Distributed Cloud Bot Defense.
Navigate back to your Worker and select Quick Edit.
Here we will use the files we downloaded from F5 Distributed Cloud Console. The Worker file is the .js file you downloaded. The Config file is the .json file you downloaded.
Open both files in the editor of your choice.
Copy the entire contents of the Worker file and replace the contents in the left hand pane.
Copy the entire contents of the Config file and replace the contents in the left hand pane under XC Configuration -- "_CONFIG_".
Click Save and Deploy at the bottom.
You will receive a success message if the Worker deploys successfully. If not, it returns an error.

Now is the time to prove all the prior work. Navigate back to https://sales.xcbotsdemo.com/
If you have configured everything correctly, you should get your website to return as below.
Now I generated traffic via human browser clicks and then automated commands that would mimic bot traffic. I show the results in the F5 Distributed Cloud Bot Defense Overview page.

Technical Demo: Brightboard Video

Conclusion:
As you can see, F5 Distributed Cloud Bot Defense protected your Cloudflare hosted application from automated threats. It allowed normal human browsing but identified and mitigated actions you specified as malicious bots.

Related Links:
https://www.f5.com/cloud
https://www.f5.com/cloud/products/bot-defense

6.4K Views | 8 likes | 1 Comment

F5 Distributed Cloud Bot Defense Protecting AWS CloudFront Distributions
In this article, I will show you how to easily protect your AWS CloudFront distributions with F5 Distributed Cloud (XC) Bot Defense. We will take advantage of AWS Lambda@Edge and the AWS Serverless Application Repository (SAR) to integrate with the F5 XC Bot Defense API.

Amazon CloudFront is a content delivery network (CDN) operated by Amazon Web Services. Content delivery networks provide a globally-distributed network of proxy servers that cache content, such as web videos or other bulky media, more locally to consumers, thus improving access speed for downloading the content. F5's Distributed Cloud Bot Defense combined with Amazon's CloudFront to protect your vital applications from malicious traffic is an effective and robust solution.

General Overview of Architecture

Create a new Bot Defense application for AWS CloudFront
Log in to your F5 Distributed Cloud Console.
Go to the Dashboard page of XC console and click Bot Defense.
Verify you are in the correct Namespace.
Click Add Application at the top-left of the page.
Add a Name for the Application, and a Description.
Select a region (US, EMEA, or APJC).
For Connector Type, select AWS CloudFront. Once AWS CloudFront is selected, options appear to configure AWS reference details.

Add AWS Reference Information
Enter your AWS 12-digit Account Number.
Specify your AWS Configuration and add your CloudFront distribution: a Distribution ID and/or a Distribution Tag. You can add one or more distributions. This information is needed to associate your newly created protected application to your AWS distribution(s).

Add Protected Endpoints
Click Configure to define your protected endpoints.
Click Add Item.
Enter a name and a description for the specific endpoint.
Specify the Domain Matcher. You can choose any domain or specify a specific host value.
Specify the Path to the endpoint (such as /login).
Choose the HTTP Methods for which requests will be analyzed by Bot Defense. Multiple methods can be selected.
Select the Client type that will access this endpoint (Web Client).
Select the Mitigation action to be taken for this endpoint:
Continue (request continues to origin).
Redirect. Provide the appropriate Status Code and URI.
Block. Provide the Status Code, Content Type, and Response message.
When done configuring the endpoint, click Apply.
To continue, click Apply at the bottom of the page.

Define Continue Global Mitigation Action
The Header Name for Continue Mitigation Action field is the header that is added to the request when the Continue mitigation action is selected and Add A Header was selected in the endpoint mitigation configuration screen.

Define Web Client JavaScript Insertion Settings
JS Location - choose the location where to insert the JS in the code:
Just After <head> tag.
Just After </title> tag.
Right Before <script> tag.
Under JavaScript Insertions, select Configure.
Click Add Item.
Add the Web Client JavaScript Path. You should select paths to HTML pages that end users are likely to visit before they browse to any protected endpoint.
Click Apply.
Click Save & Exit to save your protected application configuration.

Download Config File and AWS Installer Tool
In the Actions column of the table, click the 3 ellipses (…) on your application.
Download both the Config File and the AWS Installer.

Log in to your AWS Console
Log in to the AWS Console home page.
Select AWS Region Northern Virginia (US-EAST-1).
Use the search to find Serverless Application Repository and click it.
Click Available Applications and search with "F5".
Click the F5BotDefense tile. This will take you to the Lambda page. Here you will be creating and deploying a Lambda Function.
Click Deploy to install the F5 Connector for CloudFront.
Deploying the F5 Connector creates a new Lambda Application in your AWS Account. AWS sets the name of the new Lambda Application to start with serverlessrepo-. The deployment can take some time.
It is complete when you see the serverlessrepo-F5BotDefense-* of type Lambda Function. You can click on the name to review the contents of the installed Lambda Function.

Switch to AWS CloudShell
Configuration of the F5 Connector in AWS is best done via the F5 CLI tool. It is recommended to use the AWS CloudShell in the us-east-1 region to avoid any issues.
After starting AWS CloudShell, click Actions and Upload file.
Upload the files you downloaded from the F5 XC Console, config.json and f5tool. (Only one file at a time can be uploaded.)
Run bash f5tool --install <config.json>. Installation can take up to 5 minutes.
Note: Copy-pasting the command may not work, so type it manually.
The installation tool saves the previous configuration of each CloudFront Distribution in a file. You can use the F5 tool to restore a saved Distribution config (thus removing F5 Bot Defense).
Note: Your F5 XC Bot Defense configuration, such as protected endpoints, is sensitive security info and is stored in AWS Secrets Manager. You should delete config.json after CLI installation.

Validate CloudFront Distribution Functions
Navigate to CloudFront > Distributions and select the distribution you are protecting. Then go to Behaviors.
Under Behaviors is where you specify which requests/responses are forwarded to the Lambda@Edge Function to process with F5 XC Bot Defense. F5 XC Bot Defense requires us to leverage Viewer Request and Origin Request events. These events need to be available for use (i.e., they have not been assigned other Functions).
The AWS Installer tool that we downloaded from Distributed Cloud Console and ran in the AWS CloudShell configured this for us.

AWS CloudWatch
AWS CloudWatch contains logs for the Lambda function deployed by the F5BotDefense serverless application. The Log group name starts with /aws/lambda/us-east-1.serverlessrepo-F5BotDefense-F5BotDefense-*. The logs of the Lambda function can be found in the region closest to the location where the function executed.
For troubleshooting, look for error messages contained in the links under Log streams.

View Bot Traffic
Now let’s return to F5 XC Console and show the monitoring page.
Log in to your F5 Distributed Cloud Console.
Go to the Dashboard page of XC console and click Bot Defense.
Make sure you are in the correct Namespace.
Under Overview click Monitor.
Here you can monitor and respond to events that are identified as Bot traffic.

Conclusion
That is all that is required to deploy F5 XC Bot Defense to protect your AWS CloudFront distributions from malicious bots, protecting yourself from fraud and abuse.

Related Articles:
An overview of F5 Distributed Cloud Bot Defense
How to easily protect your BIG-IP applications using F5's Distributed Cloud Bot Defense with iApps
How to easily protect your BIG-IP applications using F5's Distributed Cloud Bot Defense, natively

Related Video:
Get Started: F5 Distributed Cloud Services
F5 Distributed Cloud Bot Defense Brightboard Lesson

9.6K Views | 7 likes | 0 Comments

Protecting Your Native Mobile Apps with F5 XC Mobile App Shield
Introduction
Mobile App Shield is a security technology that integrates directly into mobile applications to provide proactive security against a wide range of attacks, such as tampering, debugging, code injection, code modification and stealing of data from the app. Mobile App Shield is delivered in separate packages for iOS and for Android. Shielding an app with Mobile App Shield is an automated process.

Key Capabilities
F5 Distributed Cloud (XC) Mobile App Shield contains multiple security features to counter threats found in the Android and iOS ecosystem, which are outlined further below.

Product Demo
In this product demonstration we'll showcase Mobile App Shield, showing how to integrate it while also highlighting the protection it provides.

Conclusion
Mobile App Shield represents an advanced security technology seamlessly embedded within mobile applications, offering proactive protection against a diverse array of threats, and is easily coupled with XC Bot Defense for comprehensive Mobile App Protection for both Android and iOS.

Related Content
Deploy Bot Defense on any Edge with F5 Distributed Cloud (SaaS Console, Automation)
Bot Defense for Mobile Apps in XC WAAP Part 1: The Bot Defense Mobile SDK
F5 Bot Defense Solutions
F5 Fraud Solutions
F5 Authentication Intelligence
The OWASP Automated Threats Project
OWASP Automated Threats - CAPTCHA Defeat (OAT-009)
OWASP Automated Threats - Credential Stuffing (OAT-008)
OWASP Automated Threats - OAT-001 Carding
Operationlizing Online Fraud Detection, Prevention, and Response
JavaScript Supply Chains, Magecart, and F5 XC Client-Side Defense (Demo)
How Attacks Evolve From Bots to Fraud Part: 1
How Attacks Evolve From Bots to Fraud Part: 2
F5 Distributed Cloud Bot Defense (Overview and Demo)

3.1K Views | 5 likes | 2 Comments

OWASP Automated Threats - OAT-005 Scalping
Introduction:
In this OWASP Automated Threat Article we'll be highlighting OAT-005 Scalping with some basic threat information as well as a recorded demo to dive into the concepts deeper. In our demo we'll show how Automation is used to monitor and wait for goods or services to become available and then take rapid action to beat normal users to obtain them. We'll wrap it up by highlighting F5 XC Bot Defense to show how we solve this problem for our customers.

Scalping Description:
Acquisition of goods or services using the application in a manner that a normal user would be unable to undertake manually. Scalping may include monitoring and awaiting availability of the goods or services, and then rapid action to beat normal users to obtain these. Scalping includes the additional concept of limited availability of sought-after goods or services, and is most well known in the ticketing business where the tickets acquired are then resold later at a profit by the scalpers.

OWASP Automated Threat (OAT) Identity Number: OAT-005
Threat Event Name: Scalping
Summary Defining Characteristics: Obtain limited-availability and/or preferred goods/services by unfair methods.

OAT-005 Attack Demographics:
Sectors Targeted: Entertainment; Financial; Retail
Parties Affected: Many Users; Application Owner
Data Commonly Misused: NA
Other Names and Examples: Bulk purchase; Purchase automation; Purchase bot; Queue jumping; Ticket Scalping
Possible Symptoms: High peaks of traffic for certain limited-availability goods or services; Increased circulation of limited goods reselling on secondary market

Scalping Demo:
In this demo we will be showing a simple example of how automation is used to monitor and wait for goods or services to become available and then take rapid action to beat normal users to obtain them. We'll then have a look at the same attack with F5 Distributed Cloud Bot Defense protecting the application.
In Conclusion:
Scalping bots are a real problem for organizations and customers, as they are made up of a vast ecosystem to acquire large amounts of inventory at scale to be sold for a profit. F5 has the solutions to provide superior efficacy to interrupt and stop this unwanted automation.

OWASP Links
OWASP Automated Threats to Web Applications Home Page
OWASP Automated Threats Identification Chart
OWASP Automated Threats to Web Applications Handbook

F5 Related Content
Deploy Bot Defense on any Edge with F5 Distributed Cloud (SaaS Console, Automation)
F5 Bot Defense Solutions
The OWASP Automated Threats Project
OWASP Automated Threats - CAPTCHA Defeat (OAT-009)
OWASP Automated Threats - Credential Stuffing (OAT-008)
OWASP Automated Threats - OAT-001 Carding
Operationlizing Online Fraud Detection, Prevention, and Response
JavaScript Supply Chains, Magecart, and F5 XC Client-Side Defense (Demo)
How Attacks Evolve From Bots to Fraud Part: 1
How Attacks Evolve From Bots to Fraud Part: 2
F5 Distributed Cloud Bot Defense

1.5K Views | 5 likes | 1 Comment

Bot Defense for Mobile Apps in XC WAAP Part 1: The Bot Defense Mobile SDK
Introduction
The number of automated attacks that target mobile devices is increasing rapidly each year and causes major financial damage across industries. Today, malicious bots are launched in droves to attack our mobile devices and apps, where most of our online activity happens. Unfortunately for developers of mobile apps, many techniques used by traditional bot-defense solutions are not supported by native mobile apps. As a result, if developers do not take precautions, their back-end mobile API components can be exposed to automated attacks such as content scraping, denial of service (DoS), credential stuffing, fake account creation, and a host of others.

F5's Mobile SDK is a component of the F5 Distributed Cloud (F5 XC) Bot Defense service. It is designed to protect requests made by native mobile apps. Similar to the web JavaScript solution, Bot Defense Mobile SDK works by gathering telemetry on the mobile device and sending it to the Bot Defense server as headers with the protected requests. Bot Defense Mobile SDK exists for both iOS and Android, and functions similarly on both platforms.

Demo:
In our first demo we’re going to navigate through the WAAP (Web App & API Protection) Connector for Distributed Cloud Bot Defense and step through the configuration items to protect a mobile application endpoint.

In Conclusion:
A mobile app is a prime target for attack because it is so ubiquitous and has been traditionally difficult to secure. Software Development Kits (SDKs) such as the F5 Bot Defense Mobile SDK eliminate that difficulty and enable app developers to quickly integrate critical security features into their code—without having to write additional code themselves.
F5 Related Content
Deploy Bot Defense on any Edge with F5 Distributed Cloud (SaaS Console, Automation)
F5 Bot Defense Solutions
F5 Fraud Solutions
F5 Authentication Intelligence
The OWASP Automated Threats Project
OWASP Automated Threats - CAPTCHA Defeat (OAT-009)
OWASP Automated Threats - Credential Stuffing (OAT-008)
OWASP Automated Threats - OAT-001 Carding
Operationlizing Online Fraud Detection, Prevention, and Response
JavaScript Supply Chains, Magecart, and F5 XC Client-Side Defense (Demo)
How Attacks Evolve From Bots to Fraud Part: 1
How Attacks Evolve From Bots to Fraud Part: 2
F5 Distributed Cloud Bot Defense (Overview and Demo)

4.2K Views | 5 likes | 0 Comments

OWASP Automated Threats - Credential Stuffing (OAT-008)
Introduction:
In this OWASP Automated Threat Article we'll be highlighting OAT-008 Credential Stuffing with some basic threat information as well as a recorded demo to dive into the concepts deeper. In our demo we'll show how Credential Stuffing works with Automation Tools to validate lists of stolen credentials, leading to manual Account Takeover and Fraud. We'll wrap it up by highlighting F5 Bot Defense to show how we solve this problem for our customers.

Credential Stuffing Description:
Lists of authentication credentials stolen from elsewhere are tested against the application’s authentication mechanisms to identify whether users have re-used the same login credentials. The stolen usernames (often email addresses) and password pairs could have been sourced directly from another application by the attacker, purchased in a criminal marketplace, or obtained from publicly available breach data dumps. Unlike OAT-007 Credential Cracking, Credential Stuffing does not involve any bruteforcing or guessing of values; instead, credentials used in other applications are being tested for validity.

Likelihood & Severity
Credential stuffing is one of the most common techniques used to take over user accounts. Credential stuffing is dangerous to both consumers and enterprises because of the ripple effects of these breaches.

Anatomy of Attack
The attacker acquires usernames and passwords from a website breach, phishing attack, or password dump site.
The attacker uses automated tools to test the stolen credentials against many websites (for instance, social media sites, online marketplaces, or web apps).
If the login is successful, the attacker knows they have a set of valid credentials.
Now the attacker knows they have access to an account. Potential next steps include:
Draining stolen accounts of stored value or making purchases.
Accessing sensitive information such as credit card numbers, private messages, pictures, or documents.
Using the account to send phishing messages or spam.
Selling known-valid credentials to one or more of the compromised sites for other attackers to use.

OWASP Automated Threat (OAT) Identity Number: OAT-008
Threat Event Name: Credential Stuffing
Summary Defining Characteristics: Mass log in attempts used to verify the validity of stolen username/password pairs.

OAT-008 Attack Demographics:
Sectors Targeted: Entertainment; Financial; Government; Retail; Social Networking
Parties Affected: Many Users; Application Owner
Data Commonly Misused: Authentication Credentials
Other Names and Examples: Account Checker Attack; Account Checking; Account Takeover; Login Stuffing; Password List Attack; Password re-use; Use of Stolen Credentials
Possible Symptoms: Sequential login attempts with different credentials from the same HTTP client (based on IP, User Agent, device, fingerprint, patterns in HTTP headers, etc.); High number of failed login attempts; Increased customer complaints of account hijacking through help center or social media outlets

Credential Stuffing Demo:
In this demo we will be showing how attackers leverage automation tools with increasing sophistication to execute credential stuffing against the sign in page of a web application. We'll then have a look at the same attack with F5 Distributed Cloud Bot Defense protecting the application.

In Conclusion:
A common truism in the security industry says that there are two types of companies—those that have been breached, and those that just don’t know it yet. As of 2022, we should be updating that to something like “There are two types of companies—those that acknowledge the threat of credential stuffing and those that will be its victims.” Credential stuffing will be a threat so long as we require users to log in to accounts online. The most comprehensive way to prevent credential stuffing is to use an anti-automation platform.
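The first two symptoms listed for OAT-008 above (many different usernames tried from one HTTP client, and a high share of failed logins) can be looked for in access logs. The sketch below is an added example, not part of the original article or of F5's product; the log format, the /login path, the 401/403 failure codes, the thresholds and all function names are assumptions, and the log lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample access log in an assumed key=value format.
SAMPLE_LOG = """
2024-05-01T12:00:01Z ip=203.0.113.7 ua="python-requests/2.31.0" user=user1@example.com path=/login status=401
2024-05-01T12:00:03Z ip=203.0.113.7 ua="python-requests/2.31.0" user=user2@example.com path=/login status=401
2024-05-01T12:00:05Z ip=203.0.113.7 ua="python-requests/2.31.0" user=user3@example.com path=/login status=401
2024-05-01T12:00:07Z ip=203.0.113.7 ua="python-requests/2.31.0" user=user4@example.com path=/login status=401
2024-05-01T12:00:09Z ip=203.0.113.7 ua="python-requests/2.31.0" user=user5@example.com path=/login status=200
2024-05-01T12:00:11Z ip=203.0.113.7 ua="python-requests/2.31.0" user=user6@example.com path=/login status=401
2024-05-01T12:00:13Z ip=203.0.113.7 ua="python-requests/2.31.0" user=user7@example.com path=/login status=401
2024-05-01T12:01:00Z ip=198.51.100.20 ua="Mozilla/5.0" user=bob@example.com path=/login status=401
2024-05-01T12:01:20Z ip=198.51.100.20 ua="Mozilla/5.0" user=bob@example.com path=/login status=401
2024-05-01T12:01:45Z ip=198.51.100.20 ua="Mozilla/5.0" user=bob@example.com path=/login status=200
2024-05-01T08:00:00Z ip=192.0.2.55 ua="Mozilla/5.0" user=a@example.com path=/login status=401
2024-05-01T09:00:00Z ip=192.0.2.55 ua="Mozilla/5.0" user=b@example.com path=/login status=401
2024-05-01T10:00:00Z ip=192.0.2.55 ua="Mozilla/5.0" user=c@example.com path=/login status=401
2024-05-01T11:00:00Z ip=192.0.2.55 ua="Mozilla/5.0" user=d@example.com path=/login status=401
2024-05-01T12:00:00Z ip=192.0.2.55 ua="Mozilla/5.0" user=e@example.com path=/login status=401
"""

LINE_RE = re.compile(
    r'(?P<ts>\S+) ip=(?P<ip>\S+) ua="(?P<ua>[^"]*)" '
    r'user=(?P<user>\S+) path=(?P<path>\S+) status=(?P<status>\d{3})'
)
FAILED = {401, 403}  # assumption: the application answers failed logins with 401/403


def parse_line(line):
    """Return one login event as a dict, or None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
    ev["status"] = int(ev["status"])
    return ev


def detect_stuffing(lines, login_path="/login", window=timedelta(minutes=5),
                    min_users=5, min_fail_ratio=0.8):
    """Flag clients (IP + User-Agent) that try many distinct usernames with a
    high failure ratio inside one sliding time window."""
    per_client = defaultdict(list)
    for line in lines:
        ev = parse_line(line)
        if ev and ev["path"] == login_path:
            per_client[(ev["ip"], ev["ua"])].append(ev)

    findings = []
    for client, events in per_client.items():
        events.sort(key=lambda e: e["ts"])
        win, worst = deque(), None
        for ev in events:
            win.append(ev)
            while ev["ts"] - win[0]["ts"] > window:  # drop events older than the window
                win.popleft()
            users = {e["user"] for e in win}
            failures = sum(1 for e in win if e["status"] in FAILED)
            if len(users) >= min_users and failures / len(win) >= min_fail_ratio:
                if worst is None or len(users) > worst["distinct_users"]:
                    worst = {
                        "client": client,
                        "distinct_users": len(users),
                        "attempts": len(win),
                        "failures": failures,
                        # Successful logins inside a flagged window are the
                        # accounts whose credentials were likely valid.
                        "accounts_to_review": sorted(
                            e["user"] for e in win if e["status"] == 200),
                        "window_start": win[0]["ts"],
                        "window_end": ev["ts"],
                    }
        if worst:
            findings.append(worst)
    return sorted(findings, key=lambda f: f["distinct_users"], reverse=True)


if __name__ == "__main__":
    for finding in detect_stuffing(SAMPLE_LOG.splitlines()):
        print(finding)
```

Only the scripted client is flagged: the repeated attempts on a single account and the five failures spread over hours from one address stay below the thresholds.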
OWASP Links
OWASP Automated Threats to Web Applications Home Page
OWASP Automated Threats Identification Chart
OWASP Automated Threats to Web Applications Handbook

F5 Related Content
Deploy Bot Defense on any Edge with F5 Distributed Cloud (SaaS Console, Automation)
F5 Bot Defense Solutions
F5 Labs "I Was a Human CAPTCHA Solver"
The OWASP Automated Threats Project
OWASP Automated Threats - CAPTCHA Defeat (OAT-009)
How Attacks Evolve From Bots to Fraud Part: 1
How Attacks Evolve From Bots to Fraud Part: 2
F5 Distributed Cloud Bot Defense
F5 Labs 2021 Credential Stuffing Report

3.8K Views | 5 likes | 0 Comments

Deploy Bot Defense on any Edge with F5 Distributed Cloud (SaaS Console, Automation)
Introduction
This guide, along with the provided scripts and sample app and services, is designed to help explore and demonstrate the use cases of the F5 Distributed Cloud (XC) Bot Defense in a variety of different cloud environments including AWS, Azure, GCP, and within the Distributed Cloud (XC) Regional Edge.

XC Bot Defense Connector Strategy
F5 Distributed Cloud Bot Defense meets you where you’re at when it comes to deployment flexibility. We make it ridiculously easy for you to deploy XC Bot Defense either in the cloud, on-prem, or as a hybrid configuration with pre-built connectors in leading application platforms and CDNs to make deployment easy and fast.

Choose Your Path
Within each deployment scenario, you can choose your path with the following options to deploy the specified Bot Defense environment using either the console deployment link or automation with Terraform.
Module 1: Deploy Bot Defense on Regional Edges with F5 Distributed Cloud
Module 2: Deploy F5 XC Bot Defense for AWS Cloudfront with F5 Distributed Cloud
Module 3: Deploy Bot Defense in Azure with BIG-IP Connector for F5 Distributed Cloud
Module 4: Deploy Bot Defense in GCP Using BIG-IP Connector for F5 Distributed Cloud

XC Bot Defense Scenarios
The modules below lay out a framework for connecting and managing distributed app services for this scenario, with a focus on the three core use cases.

MODULE 1: Deploy Bot Defense on Regional Edges with F5 Distributed Cloud
In this scenario, we will be deploying our fictitious airline application into a Regional Edge location of our choosing via the vK8s service in XC. We'll walk through all of the required steps, provide the vK8s manifest file and front end this application with an XC HTTP Load Balancer. In addition, the HTTP Load Balancer will be used to front-end our application and enable our XC Bot Defense Service.
Choose your path: Console Steps for XC Bot Defense on Regional Edges Coming Soon*** Automated Deployment of XC Bot Defense on Regional Edge via Terraform

MODULE 2: Deploy F5 XC Bot Defense for AWS Cloudfront with F5 Distributed Cloud
In this scenario, we will be deploying our fictitious application in AWS with the XC Bot Defense Connector for AWS Cloudfront Distributions.
Choose your path: Console Steps to Deploy F5 XC Bot Defense for AWS Cloudfront Coming Soon*** Automated Deployment of XC Bot Defense for AWS Cloudfront

MODULE 3: Deploy Bot Defense in Azure with BIG-IP Connector for F5 Distributed Cloud
In this scenario, we will be deploying our fictitious application into Azure with the XC Bot Defense Connector for BIG-IP.
Choose your path: Console Steps to Deploy F5 XC Bot Defense in Azure with BIG-IP Connector Coming Soon*** Automated Deployment of XC Bot Defense in Azure with BIG-IP Connector

MODULE 4: Deploy Bot Defense in GCP Using BIG-IP Connector for F5 Distributed Cloud
In this scenario, we will be deploying our fictitious application into GCP with the XC Bot Defense Connector for BIG-IP.
Choose your path: Console Steps to Deploy F5 XC Bot Defense in GCP Using BIG-IP Connector Coming Soon*** Automated Deployment of XC Bot Defense in GCP with BIG-IP Connector

For additional information, refer to these resources:
Deploy Bot Defense on any Edge with F5 Distributed Cloud (SaaS Console, Automation)
GitHub repository with the walk-through of the deployment steps & demo
YouTube video series discussing the different aspects of this configuration
DevCentral Learning Series: Edge Compute
Get Started with F5 Distributed Cloud Services

640 Views | 4 likes | 2 Comments

Making Mobile SDK Integration Ridiculously Easy with F5 XC Mobile SDK Integrator
Introduction
To prevent attackers from exploiting mobile apps to launch bots, F5 provides customers with the F5 Distributed Cloud (XC) Mobile SDK, which collects signals for the detection of bots. To gain this protection, the SDK must be integrated into mobile apps, a process F5 explains in clear step-by-step technical documentation. Now, F5 provides an even easier option, the F5 Distributed Cloud Mobile SDK Integrator, a console app that performs the integration directly into app binaries without any need for coding, which means no need for programmer resources and no integration delays. The Mobile SDK Integrator supports most iOS and Android native apps. As a console application, it can be tied directly into CI/CD pipelines to support rapid deployments.

Use Cases
While motivations for using SDK Integrator may vary, below are some of the more common reasons:
Emergency integrations can be accomplished quickly and correctly. Customers experiencing active bot attacks may need to integrate with F5 Distributed Cloud Bot Defense immediately and minimize integration risks.
Apps using 3rd-party libraries may not be suitable for manual integration, particularly when these libraries do not provide APIs for adding HTTP headers into network requests. In such cases, the SDK Integrator can inject SDK calls into the underlying network stack, bypassing the limitations of the network library.
Customers who own multiple apps, which may have different architectures or are managed by different owners, need a single integration method, one which works for all app architectures and is simple to roll out to multiple teams. The SDK Integrator facilitates a universal integration approach.

How It Works
The work of the SDK Integrator is done through two commands: the first command creates a configuration profile for the SDK injection, and the second performs the injection.
Step 1:

    $ python3 ./create_config.py --target-os Android --apiguard-config ./base_configuration_android.json --url-filter "*.domain.com/*/login" --enable-logs --outfile my_app_android_profile.dat

In Step 1, apiguard-config lets the user specify the base configuration to be used in integration. With url-filter we specify the pattern for URLs which require Bot Defense protection, enable-logs allows APIGuard logs to be seen in the console, and outfile specifies the name of this integration profile.

Step 2:

    $ java -jar SDK-Integrator.jar --plugin F5-XC-Mobile-SDK-Integrator-Android-plugin-4.1.1-4.dat --plugin my_app_android_profile.dat ./input_app.apk --output ./output_app.apk --keystore ~/my-key.keystore --keyname mykeyname --keypass xyz123 --storepass xyz123

In Step 2, we specify which SDK Integrator plugin and configuration profile should be used. In the same step, we can optionally pass parameters for app signing: keystore, keyname, keypass and storepass. The output parameter specifies the resulting file name. The resulting .apk or .aab file is a fully integrated app, which can be tested and released.

Injection steps for iOS are similar. The commands are described in greater detail in the SDK Integrator user guides distributed with the SDK Integrator.

Mobile SDK Integrator Video

In Conclusion
In order to thwart potential attackers from capitalizing on mobile apps to initiate automated bots, the F5 Distributed Cloud Mobile SDK Integrator seamlessly incorporates the SDK into app binaries, completely bypassing the necessity for coding and making the process easy and fast.

Related Content
Deploy Bot Defense on any Edge with F5 Distributed Cloud (SaaS Console, Automation)
Protecting Your Native Mobile Apps with F5 XC Mobile App Shield
Bot Defense for Mobile Apps in XC WAAP Part 1: The Bot Defense Mobile SDK

1.4K Views | 4 likes | 1 Comment

Protect Your Adobe Commerce Site with F5 Distributed Cloud Services
Now you can use F5 Distributed Cloud Services to protect your Adobe Commerce site against malicious bots, seamlessly authenticate users, and stop online fraud, enabling you to fully maximize your Adobe Commerce investment.

- F5 Distributed Cloud Bot Defense blocks up to 99% of malicious bots and other automated attacks at the origin.
- F5 Distributed Cloud Account Protection leverages a real-time, closed-loop AI fraud engine designed to predict and mitigate risky or malicious transactions.
- F5 Distributed Cloud Authentication Intelligence models good user behavior to ensure safe user journeys and reduce unnecessary friction (e.g., MFA, CAPTCHA).

In this article I will show you how to set up and configure only the Bot Defense solution, because the setup steps for the others are nearly identical and covering them would be duplicative.

Note: This article assumes you have both an F5 Distributed Cloud Services account and an Adobe Commerce account.

- Log in to F5's Distributed Cloud Console.
- Click the Bot Defense tile.
- Make sure you are in the correct Namespace. (A tenant's configuration objects are grouped under namespaces. Namespaces can be thought of as administrative domains.)
- Click Add Application.
- Give your application a Name, Labels, and a Description.
- Select the appropriate Application Region.
- Choose Custom as the Connector Type.
- Click Save and Exit.

This takes you back to the Manage Applications page. Verify that your application has been deployed and that the App Name, Connector Type, App ID and Region are correct.

Click the ellipsis under Actions and copy out the following information:

- Copy App ID
- Copy Tenant ID
- Copy API Key
- Copy Web API Hostname
- Copy Telemetry Header Prefix

This is the information we will need to supply to the Adobe Commerce site to protect your application.

Next, switch to Adobe Commerce and log in. This will take you to your Dashboard.

- Navigate down the left pane and select Stores.
- Click Configuration.
- Navigate down the Configuration page to F5 Distributed Cloud Services.
Here we will select Distributed Cloud Bot Defense for this article. You could just as easily select Account Protection and/or Authentication Intelligence. I'll cover the others in a follow-on article.

Here you configure the settings that set all the parameters needed to integrate with F5 Distributed Cloud (F5XC). At the very top, and most important, you need to enable the Service. This will expose all the other settings we will configure.

Now transfer all the key elements you copied out from the F5XC console:

- App ID
- Tenant ID
- API Key
- Web API Hostname
- Telemetry Header Prefix

This information is the base that allows your application to talk to and establish a connection to the F5 Distributed Cloud Console. This is enough to get connected.

Now you would configure the protection you require. In the sections JS Insertion Settings, Login Protection Settings, Protected Endpoints and Web Scraping Settings you will supply names, paths, methods and mitigations to protect your applications from malicious bots.

The detailed information on each setting is too much to cover in this introductory article, but I hope this helps you get started. This shows just how easily and quickly you can set this up. Detailed guides will be available to explain each setting.

Although not covered here, both Account Protection and Authentication Intelligence are enabled the same way: enable the Service in the UI and supply API hostnames and a few details copied from the Distributed Cloud Console.

Related Articles:

- F5 Distributed Cloud Bot Defense Overview
- How to easily protect your BIG-IP applications using F5's Distributed Cloud Bot Defense with iApps
- How to easily protect your BIG-IP applications using F5's Distributed Cloud Bot Defense, natively
- F5 Distributed Cloud Services

2.6K Views, 4 likes, 0 Comments

How to easily protect your BIG-IP applications using F5's Distributed Cloud Bot Defense, natively
Prerequisites

This article assumes that you have access to the F5 Distributed Cloud and you are using BIG-IP version 17.0. If you have BIG-IP version 14.1 to 16.x you should follow the steps in this article.

Log in to your tenant dashboard. You should now see a new tile called Bot Defense. Click on the Bot Defense tile.

You are presented with the following screen: verify the correct "Namespace" in the upper left and then click on "Add Protected Application."

The following screen appears, and you need to supply the highlighted information:

- Name
- Region
- Connector Type

Click Save and Exit.

Back in the Bot Defense management space, select the application you just created by clicking the … dots, and then copy the App ID, Tenant ID and API Key to a convenient location. You will need these values when configuring your BIG-IP SaaS Service.

Log in to your BIG-IP. In version 17.0 you will notice a new tile down on the left side called SaaS Services. Click on Bot Defense.

Click on Bot Defense, BD Profiles and click Create.

In the following sections I have highlighted the parts I want to call out. Another article will be devoted to all the knobs and widgets on this page; here I am discussing only the minimum needed to easily deploy F5 XC Bot Defense.

- In the first section, fill in the fields with the keys you copied earlier from the F5 XC Bot Defense page.
- Select the BIG-IP to handle the JS injections and the path or URL.
- Next are the endpoints you want to protect from automated bots. You supply the host, URL or path, the method, and the mitigation you desire: continue, redirect, block or drop. These pages are typically login pages and pages subjected to web scraping.
- Select the Shape Protection pool F5 tells you to use.
- Select the SSL Profile you are going to use.
- Click Finished when done.

That is how simply and quickly you have protected your application with F5's XC Bot Defense.
Next we will switch back to the F5 XC Dashboard and see the mitigation taking place. Navigate to Bot Defense, Overview, Monitor.

As you can see, F5's XC Bot Defense was able to successfully stop bot attacks on the endpoints you protected. You are able to see the countries, the endpoints and the action, along with the number of bots versus human traffic.

Related links:

YouTube: https://www.youtube.com/watch?v=kHHDOyIQu1c
F5: https://www.f5.com/cloud
https://www.f5.com/cloud/products/bot-defense
Lab: Advanced WAF Demo v17 + LCC, ML, ATI, CSD, XC Bot Defense and GraphQL - VD Solutions https://udf.f5.com/b/a5732e46-d2b9-45d8-9aff-d0d9de52fd0c#documentation

4.3K Views, 4 likes, 0 Comments