This Knowledge Base article describes how you can troubleshoot your F5 Anti-Bot server connection to mobile apps with the F5 Anti-Bot SDK.
To make it easy to tell if your Anti-Bot policy on your F5 BIG-IP is configured correctly, Appdome has created a simple debugging app, to tests the SDK’s initialization and operation. Upon request with Appdome support, you can use this debugging app.
The debugging app (available upon request from the Appdome support team) is a manually integrated with the F5 Anti-Bot SDK. The app can indicate if your F5 Anti-Bot SDK has initialized successfully and show HTTP responses to protected hosts – with the SDK initialized or before initialization.
Prerequisites to Using F5 Anti-Bot Debug App to Troubleshoot F5 Anti-Bot Server.
In order to use the F5 Anti-Bot troubleshooting app, you’ll need:
- The Anti-Bot Debugging App (.apk for Android)
- A configured and accessible BIG-IP server
- A server protected by F5’s BIG-IP
- An Android device
How to Use the Anti-Bot Debugging App
First, it is worthwhile to see that your protected resource is accessible from your network. You can try to access the resource with your PC browser, or a browser on the mobile device (note: if Anti-Bot is properly engaged, the mobile browser might not be able to access the server). You might also want to check your BIG-IP logs (if you set-up a Bot Defence logging profile assigned to the resource).
If you can’t access (even if the request is blocked) the resource through the network, you will not be able to access it with the debug app.
Once you received the Anti-Bit Debugging App, you’ll need to install in on your device. You can use ADB (Android debug bridge), or services like AirDroid to install the app.
Once you have the app ready, follow these steps:
- Enter the hostname for your resource in the Host field. This should be a hostname that resolves to the address on a Virtual Server on the BIG-IP, that has an Anti-Bot policy enabled.
- In the Domains field, enter the subdomain (or domains, separated with commas) which are protected by Anti-Bot. You can use a wildcard phrase by using a period (.), for all subdomains (e.g. “.appdomelabs.com”). If you only use one domain, enter it without any port.
- Turn On or Off Use SSL, to match the set-up of your server.
- Click INIT
If your server is accessible, your Anti-Bot is set-up and configured correctly and you entered the correct data in the app, initialization should succeed.
You will see: a green indication, an “AntiBot initialized successfully” message and a list of cookies.
If the initialization failed, you will a red indication and an “Antibot failed to initialize” message. This could mean you have a problem in your Anti-Bot configuration on your BIG-IP or that you used the wrong data in the app (like in the image below)
The Initialization Square on the top right corner has 3 states:
- Orange – The Anti Bot SDK is not initialized
- Green – The Anti Bot SDK is initialized
- Red – The Anti Bot SDK initialization failed (due to an error in the environment setup / wrong user input)
Using the Anti-Bot Debug App to Access the Resource
At any point, whether the SDK or not, you can use the URL field to try to access any URL (and received a text view of the response).
If the Anti-Bot SDK is initialized, and you access a URL in the list of subdomains, the app will engage the Anti-Bot SDK for the request. You can examine the response and the headers.
What to Do With the Results?
Using the debug app is meant to assure that your Anti-Bit is properly configured and that you know what are the protected resources.
Initialization Was Successful
If the initialization failed for the debug app, which is integrated with SDK manually, it will also fail with your target app when built with the SDK automatically by Appdome.
The most likely misconfigurations are:
- Incorrect routing from the hostname to the BIG-IP virtual server
- Misconfigured policy on the BIG-IP
- Using the wrong hostname, port or protocol for initialization
- Using a network that can’t access the virtual server
We recommend contacting F5 support to troubleshoot the BIG-IP, but you are welcome to contact Appdome’s support team with any questions.
We also recommend to first make sure your BIG-IP is correctly handling requests from a PC browser (if possible). Then try the Anti-Bot Debug App again, and only when initialization is successful, and you are confident your set-up is working properly, to fused your target app.
How Do I Learn More?
To zoom out on this topic, visit the Mobile Threat section on our website or Request a demo at any time.
If you have any questions, please send them our way at firstname.lastname@example.org or via the chat window on the Appdome platform.