To make it easy to verify your F5 Advanced WAF Antibot BigIP Setup, Appdome has created a simple verification app to validate F5 Big IP Mobile Anti-Bot configuration.
The Anti Bot verification app is manually integrated with the F5 Anti-Bot SDK. This app will diagnose your Anti-Bot policy on your F5 BIG-IP and indicate if your F5 Anti-Bot SDK has initialized successfully. In addition, When upon connecting to the protected hosts, the app still displays the HTTP responses before/ after the SDK initialization.
The Anti Bot verification is available for free download from Google store or from the Mobile Threat tab in the Appdome platform.
This Knowledge Base article describes how to install and use Appdome’s Anti Bot verification app.
Before using the F5 Anti-Bot verification app, it is worthwhile to check that your protected resource is accessible from your network. You can try to access the resource with your PC browser, or a browser on the mobile device (note: if Anti-Bot is properly engaged, the mobile browser might not be able to access the server). You might also want to check your BIG-IP logs (if you set-up a Bot Defense logging profile assigned to the resource).
If you can’t access (even if the request is blocked) your app protected resource through the network, you will not be able to access it with the F5 Anti-Bot verification app.
In order to use the F5 Anti-Bot verification app, you’ll need:
Once you have the app installed on your mobile device, follow these steps:
If your server is accessible, your Anti Bot is set-up and configured correctly and you entered the correct data in the app, the initialization of the SDK should succeed and you will receive a verification PIN. Enter this verification PIN on our platform and continue to build your app with F5 AntiBot SDK.
If the initialization failed, it could indicate a problem in your Anti-Bot policy configuration on your BIG-IP or that you used the wrong data in the app (like in the image below)
At any point, whether the SDK successfully initialized or not, you can verify the access to your resource URL:
If the Anti-Bot SDK is initialized successfully, and your URL is in the list of subdomains, the app will engage the Anti-Bot SDK cookies for the request. In this case, you will successfully reach your protected host. You can view the connection details by clicking on “See Details” at the bottom of the screen.
If the Anti Bot SDK initialization failed for the Anti Bot Verification app, which is integrated with SDK manually, it will also fail with your target app when built with the SDK automatically by Appdome.
The most likely misconfigurations are:
We recommend contacting F5 support to troubleshoot the BIG-IP, but you are welcome to contact Appdome’s support team with any questions. In addition, we recommend to first make sure your BIG-IP is correctly handling requests from a PC browser (if possible).
To share your results, click on the Share icon on the top right corner. If you have a configured email client on your device, please select it and email the app logs to the Appdome support team.
If you have any questions, please send them our way at firstname.lastname@example.org or via the chat window on the Appdome platform.