How to Validate F5 BIG-IP Mobile App Anti-Bot Configuration
To make it easy to verify your F5 Advanced WAF Anti-Bot BIG-IP setup, Appdome has created a simple verification app that validates your F5 BIG-IP mobile Anti-Bot configuration.
The Anti-Bot verification app is manually integrated with the F5 Anti-Bot SDK. The app diagnoses the Anti-Bot policy on your F5 BIG-IP and indicates whether your F5 Anti-Bot SDK has initialized successfully. In addition, upon connecting to the protected hosts, the app displays the HTTP responses before and after the SDK initialization.
The Anti-Bot verification app is available for free download from the Google store or from the Mobile Threat tab in the Appdome platform.
This Knowledge Base article describes how to install and use Appdome’s Anti Bot verification app.
Before using the F5 Anti-Bot verification app, it is worthwhile to check that your protected resource is accessible from your network. You can try to access the resource with your PC browser, or with a browser on the mobile device (note: if Anti-Bot is properly engaged, the mobile browser might not be able to access the server). You might also want to check your BIG-IP logs (if you set up a Bot Defense logging profile assigned to the resource).
If you can’t reach your app’s protected resource over the network at all (a request that gets blocked still counts as reaching it), you will not be able to access it with the F5 Anti-Bot verification app.
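The pre-check above can also be scripted from a PC on the same network. The following is an added example, not part of the verification app or of Appdome's or F5's tooling: it checks DNS, TCP and HTTP in turn and treats any HTTP status, including a block response, as "reachable". The function name, stage names, hint texts and the placeholder host are assumptions made for this illustration; pass `use_tls=False` when the server is set up for plain HTTP.

```python
import http.client
import socket
import ssl
import sys

# Failure stage -> related entry from the article's list of likely misconfigurations.
HINTS = {
    "dns": "wrong hostname, or incorrect routing from the hostname to the BIG-IP virtual server",
    "connect": "this network can't access the virtual server, or wrong port",
    "http": "wrong port or protocol for this host",
    "reachable": "network path works; continue with the verification app",
}

def preflight(host, port=443, use_tls=True, path="/", timeout=5.0):
    """Return (stage, detail); stage is 'dns', 'connect', 'http' or 'reachable'."""
    # Stage 1: the hostname must resolve from this network.
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return "dns", f"{host} does not resolve: {exc}"
    address = infos[0][4][0]
    # Stage 2: the resolved address must accept a TCP connection.
    try:
        socket.create_connection((address, port), timeout=timeout).close()
    except OSError as exc:
        return "connect", f"{address}:{port} refused or timed out: {exc}"
    # Stage 3: one GET. Any HTTP status counts as reachable, even a block response.
    if use_tls:
        conn = http.client.HTTPSConnection(
            host, port, timeout=timeout, context=ssl.create_default_context())
    else:
        conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", path)
        status = conn.getresponse().status
    except (OSError, http.client.HTTPException) as exc:
        return "http", f"no HTTP response on {port}: {exc}"
    finally:
        conn.close()
    return "reachable", f"HTTP {status} from {address}:{port}"

if __name__ == "__main__":
    # Usage: python preflight.py <protected-host> [port] [http|https]
    host = sys.argv[1] if len(sys.argv) > 1 else "protected.example.com"  # placeholder
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 443
    tls = (sys.argv[3] if len(sys.argv) > 3 else "https") == "https"
    stage, detail = preflight(host, port, tls)
    print(f"{stage}: {detail} ({HINTS[stage]})")
```

A result of `reachable` only confirms the network path; whether the Anti-Bot policy itself is correct is what the verification app checks.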
Prerequisites to Validate F5 BIG-IP Mobile App Anti-Bot Configuration
In order to use the F5 Anti-Bot verification app, you’ll need:
- The F5 Anti-Bot verification app (.apk for Android)
- A configured and accessible BIG-IP server
- A server protected by F5’s BIG-IP
- An Android device
6 Easy Steps to Validate F5 BIG-IP Mobile App Anti-Bot Configuration
Once you have the app installed on your mobile device, follow these steps:
- Launch the app.
- Enter the hostname of your protected resource in the Protected Host field. This should be a hostname that resolves to the address of a Virtual Server on the BIG-IP that has an Anti-Bot policy enabled.
- If certificate pinning is needed in your configuration, enter your F5 certificate hash generated in the F5 Anti-Bot SDK process.
- If you have protected subdomains that resolve to your protected Virtual Server, toggle on “Support multiple Domains” and enter those additional domains. You can enter a full FQDN, or a wildcard by replacing the subdomain with a period, e.g. www.company.com, .company.com.
- Toggle on “Deactivate Anti Bot SSL” if your server configuration is set to use plain HTTP traffic when communicating with the BIG-IP.
- Click Verify.
If your server is accessible, your Anti-Bot policy is set up and configured correctly, and you entered the correct data in the app, the initialization of the SDK should succeed and you will receive a verification PIN. Enter this verification PIN on our platform and continue to build your app with the F5 Anti-Bot SDK.
If the initialization failed, it could indicate a problem in your Anti-Bot policy configuration on your BIG-IP, or that you used the wrong data in the app (as in the image below).
Using the Anti Bot Verification App to Access the Resource
At any point, whether the SDK successfully initialized or not, you can verify the access to your resource URL:
- (optional) Add your configured connection header name and value by clicking on Input Header.
- Enter your resource URL.
- Click on the GO button.
If the Anti-Bot SDK is initialized successfully, and your URL is in the list of subdomains, the app will engage the Anti-Bot SDK cookies for the request. In this case, you will successfully reach your protected host. You can view the connection details by clicking on “See Details” at the bottom of the screen.
How Can I Share the Results?
If the Anti-Bot SDK initialization failed in the Anti-Bot verification app, which is manually integrated with the SDK, it will also fail in your target app when Appdome builds it with the SDK automatically.
The most likely misconfigurations are:
- Incorrect routing from the hostname to the BIG-IP virtual server
- Misconfigured policy on the BIG-IP
- Using the wrong hostname, port or protocol for initialization
- Using a network that can’t access the virtual server
We recommend contacting F5 support to troubleshoot the BIG-IP, but you are welcome to contact Appdome’s support team with any questions. In addition, we recommend first making sure that your BIG-IP is correctly handling requests from a PC browser (if possible).
To share your results, click on the Share icon on the top right corner. If you have a configured email client on your device, please select it and email the app logs to the Appdome support team.
How Do I Learn More?
If you have any questions, please send them our way at firstname.lastname@example.org or via the chat window on the Appdome platform.