How to Use Cloudflare's WAF with Appdome MOBILEBot Defense
Overview
Web Application Firewalls (WAFs), like the one offered by Cloudflare, play a crucial role in protecting web applications from a wide range of cyber threats. Using CloudFlare Workers with Appdome’s MOBILEBot™ Defense solution offers app developers a streamlined approach to protect backend APIs against malicious bots and botnets, credential stuffing attacks, DDoS, invalid traffic and other automated attacks. In this guide, you will learn how to set up Appdome MOBILEBot Defense and mutual TLS (mTLS).
Prerequisites for Using Cloudflare Workers
For utilizing Appdome Mobile Anti-Bot Defense with CloudFlare Workers, you’ll need the following:
- Workers
- Workers KV
- An Android or iOS app that is secured by Appdome MOBILEBot Defense
- An Appdome MOBILEBot Defense License
Implementing Appdome MOBILEBot Defense with Cloudflare Workers
Cloudflare Worker Setup
1. Install Wrangler CLI tool
To install Wrangler, ensure you have Node.js and npm installed, preferably using a Node version manager like Volta or nvm. Using a version manager helps avoid permission issues and allows you to change Node.js versions. Wrangler requires a Node.js version of 16.13.0 or later.
Wrangler is installed locally into each of your projects. This allows you and your team to use the same Wrangler version, control Wrangler versions for each project, and rollback to an earlier version of Wrangler, if needed.
To install Wrangler within your Worker project, run:
npm install wrangler --save-dev
2. Run Wrangler Login
wrangler login
Workers KV Setup
1. Create a KV namespace called AD_NONCES. This namespace will be utilized within the worker.
2. After establishing the namespace, copy its ID.
3. Navigate to the provided folder by Appdome:
4. Click on the ‘wrangler.toml‘ file
5. Insert the ID number into the wrangler.toml file under kv_namespaces, specifically under the variable AD_NONCES.
6. Populate the following Appdome variables:
- AD_TARGET
- AD_HOST
- AD_SHARED_SECRET
- AD_COMPROMISED_SECRET
- AD_HEARTBEAT_VALIDITY
The basic form of the method put() should look like this:
Sample wrangler.toml Configuration
name = "cloudflare"
main = "src/worker.ts"
compatibility_date = "2023-09-04"
node_compat = true
# Variable bindings. These are arbitrary, plaintext strings (similar to environment variables)
# Note: Use secrets to store sensitive data.
# Docs: https://developers.cloudflare.com/workers/platform/environment-variables
[vars]
AD_TARGET = "www.appdome.com"
AD_HOST = "www.appdome.com"
AD_SHARED_SECRET = "123t"
AD_COMPROMISED_SECRET = "zxc123"
AD_HEARTBEAT_VALIDITY = "60"
# Bind a KV Namespace. Use KV as persistent storage for small key-value pairs.
# Docs: https://developers.cloudflare.com/workers/runtime-apis/kv
[[kv_namespaces]]
binding = "AD_NONCES"
id = ""
Provide a Private RSA Key
This private key is essential for payload decryption. It matches the public key provided during the build process.
The key should be saved in plain text in the src/worker.ts file.
- Click on ‘src‘
2. Click on ‘worker.ts‘
Worker Deployment
Using the Wrangler CLI tool. Execute the following command:
npm run deploy
Configure Custom Domain
To set up your custom domain, please refer to the instructions on Custom Domain Setup
Setup SSL certificates and mTLS
Set up your SSL certificates via your Cloudflare environment. For a detailed guide, consult the Client Certificates documentation
Optional: If you have enabled mTLS in your Appdome fusion set, make sure to also enable Cloudflare mTLS in order for mutual authentication from both sides. Learn more about enabling mTLS.
Conclusion
By using CloudFlare Workers Server and Appdome’s MOBILEBot Defense, you can protect your backend APIs against malicious bots and enhance the security of mobile apps. By mastering and implementing the aforementioned configurations, businesses can safeguard and optimize their mobile app traffic.
Related Articles:
- MOBILEBot™ Defense
- How to Block Mobile Bots with Client Certificates, Authenticate Legitimate Mobile Apps
- How to Secure Android & iOS Apps in Azure DevOps Pipelines
Thank you!
Thanks for visiting Appdome! Our mission is to secure every app on the planet by making mobile app defense easy. We hope we’re living up to the mission with your project. If you don’t already have an account, you can sign up for free.
