How to Use Imperva's WAF with Appdome MobileBOT™ Defense

Last updated August 29, 2024 by Appdome

Introduction

Web Application Firewalls (WAFs), like the one offered by Imperva, play a crucial role in protecting web applications from a wide range of cyber threats. Using Imperva’s WAF with Appdome’s MobileBOT™ Defense solution offers app developers a streamlined approach to protect backend APIs against malicious bots and botnets, credential stuffing attacks, DDoS, invalid traffic, and other automated attacks. In this guide, you’ll learn how to integrate Appdome’s Docker Image with Imperva’s WAF.

Before delving into the steps, let’s understand some of the terms used:

mTLS (Mutual Transport Layer Security): A method for mutual authentication in which both parties in a network connection validate the TLS certificates presented by each other against a trusted root Certificate Authority (CA) certificate.

Client Certificate: In cryptography, a client certificate is a type of digital certificate that is used by client systems to send authenticated requests to a remote server.

Safe Session: Represents sessions that are determined to be safe or not at risk of any threat.

At-Risk Session: Represents sessions that are potentially under threat or in which anomalies have been detected.

Header Payload: The data transferred in the header of HTTP requests or responses. Protecting this data ensures that it cannot be tampered with during transit.

Prerequisites for Using Imperva & Appdome Docker Image

To use Appdome MobileBOT™ Defense with Imperva, you’ll need the following:

  • An Imperva account with admin permissions
  • An AWS, GCP, or Azure server with admin permissions
  • An Android or iOS app secured by Appdome MobileBOT™ Defense
  • An Appdome MobileBOT™ Defense License

Getting Started with Imperva’s WAF Setup and Configuration

Note: For additional information, refer to Imperva’s documentation on Cloud Application and Network Security.

  1. Access Imperva Portal
  2. Configure Imperva Cloud WAF
    • To open the Origin Server Settings, log in to your my.imperva.com account. On the top menu bar, click Application.
    • On the sidebar, click Websites and click a website name.
    • On the sidebar, click Website Settings.
    • Click Origin Servers.
      For more information, see Imperva’s guide on how to set up Origin Servers.
  3. Set Up Redirect Rule

    • Create a redirect rule in the Imperva portal. This rule should specify the conditions for the redirection (e.g., specific URLs or patterns) and the target URL or domain where you want to redirect traffic.
    • See Imperva’s guide on how to Create Simplified Redirect Rules.
  4. Add a Client Certificate
  5. mTLS Configuration
    • See the Imperva guide on how to Upload a CA certificate to your account.

      IMPORTANT:
      Configuring mTLS is only necessary if you have enabled mTLS in the Appdome Build process. Otherwise, skip ahead to the section Configure Appdome’s Docker Image.
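
Before uploading a CA certificate for mTLS, it is worth confirming that the client certificate actually chains to that CA, is valid for client authentication, and matches the private key you hold. The script below is an added example, not part of Appdome's or Imperva's documentation; it uses the openssl CLI, and the file and subject names (example-ca, mobile-client) are constructed placeholders.

```shell
#!/usr/bin/env bash
# Constructed example: throwaway CA + client certificate for an mTLS dry run.
# Names such as example-ca and mobile-client are placeholders.

# make_ca DIR NAME -> self-signed CA in DIR/NAME.key and DIR/NAME.pem
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$2" \
    -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

# make_client DIR CA NAME -> client key and certificate signed by CA,
# restricted to TLS client authentication via extendedKeyUsage
make_client() {
  local dir=$1 ca=$2 name=$3
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$name" \
    -keyout "$dir/$name.key" -out "$dir/$name.csr" 2>/dev/null
  printf 'extendedKeyUsage=clientAuth\n' > "$dir/$name.ext"
  openssl x509 -req -in "$dir/$name.csr" -days 30 \
    -CA "$dir/$ca.pem" -CAkey "$dir/$ca.key" -CAcreateserial \
    -extfile "$dir/$name.ext" -out "$dir/$name.pem" 2>/dev/null
}

# chains_to CA_PEM CERT_PEM -> 0 only if CERT validates against CA as a TLS client cert
chains_to() {
  openssl verify -purpose sslclient -CAfile "$1" "$2" >/dev/null 2>&1
}

# key_matches CERT_PEM KEY_PEM -> 0 only if KEY is the private key for CERT
key_matches() {
  [ "$(openssl x509 -in "$1" -noout -pubkey | openssl sha256)" = \
    "$(openssl pkey -in "$2" -pubout | openssl sha256)" ]
}

# Dry run in a temporary directory
work=$(mktemp -d)
make_ca "$work" example-ca
make_client "$work" example-ca mobile-client
if chains_to "$work/example-ca.pem" "$work/mobile-client.pem" &&
   key_matches "$work/mobile-client.pem" "$work/mobile-client.key"; then
  echo "client certificate chains to example-ca and matches its key"
fi
rm -rf "$work"
```

Running `chains_to` against the exact CA file you plan to upload catches a mismatched issuer before it shows up as failed handshakes in production.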

Setting up the server of your choice

When the Imperva configuration has been completed, you can begin setting up your server on GCP, Azure, AWS, or any cloud provider of your choice.

Links to Dedicated Appdome Knowledge Base articles:

  • GCP: For setting up a server on the Google Cloud Platform and configuring it with Appdome’s Docker Image, follow this guide.
  • Azure: For setting up a server on Microsoft Azure and configuring it with Appdome’s Docker Image, follow this guide.
  • AWS: For setting up a server on Amazon Web Services and configuring it with Appdome’s Docker Image, follow this guide.

To learn more, see the installation instructions for Installing Docker Engine on Ubuntu.

Configure Appdome’s Docker Image

After setting up your server of choice, proceed to configure the Appdome Docker Image as outlined in our dedicated knowledge base article, How to Configure Appdome’s Docker Image for MobileBOT™ Defense.

How Do I Learn More?

If you have any questions, please send them our way at support.appdome.com or via the chat window on the Appdome platform.
