The F5 Anti-Bot SDK enables customers to detect and protect mobile applications from bot attacks. This Knowledge Base article describes how to add F5 Anti-Bot protection to Android & iOS apps and implement the SDK in less than 10 minutes – no code or coding required.
Appdome is a no-code mobile app security platform designed to add security features in mobile apps. Appdome’s no-code mobile app security platform offers mobile developers, DevSec and security professionals a convenient and reliable way to protect Android and iOS apps without coding. When a user clicks “Build My App,” Appdome leverages a microservice architecture filled with 1000s of security plugins, and an adaptive code generation engine that matches the correct required plugins to the development environment, frameworks, and methods in each app.
Using Appdome, there are no development or coding prerequisites to build secured apps. There is no SDK and no library to manually code or implement in the app. The Appdome technology adds the relevant standards, frameworks, stores, and logic to the app automatically, with no manual development work at all.
Using Appdome, mobile applications will use the F5 Anti-Bot SDK to protect applications against bots, vulnerability scanners, content scraping, and other automated attack vectors as if the code was natively added to the application. Appdome for F5 Anti-Bot is compatible with mobile applications built in any development environment including Native Android and iOS apps, hybrid applications, and non-native applications built in Xamarin, Cordova, and React Native, Ionic, and more. This streamlines implementations, cuts development work, and ensures a guaranteed and consistent integration of Anti-Bot to any mobile application.
Appdome for F5 Anti-Bot enables you to protect multiple domains, either by providing a list of domains or with a ‘wildcard’ syntax (using a period instead of the subdomain, e.g. .domain.com). Thus supporting use-cases where the protected Virtual Server serves multiple protected subdomains.
Customers who want to increase the overall security of the application server and ensure that only valid end-users can access the service can achieve this by protecting the certificate Hash. As a result, the mobile app can only connect to their BIG-IP. Mobile Threat Control encrypts the F5 certificate Hash at the time of Fusion.
The F5 Anti-Bot SDK requires the use of a standard HTTP/HTTPS port. Some customers have configured their networks with non-standard or custom HTTP/HTTPS ports. In these cases, Host Custom Port bridges the gaps between the F5 Anti-Bot SDK and the customer’s network configuration, supporting the use of host custom ports.
Many customers want bot protection for more than one domain. Mobile Threat Control supports multiple domain protection, both for named domains and “wildcard” domains. All the protected domains have to resolve to the protected virtual server.
Appdome offers F5 Customers additional Mobile Threat Controls. These advanced features solve more complex or demanding deployments where the standard F5 anti-bot SDK isn’t sufficient. These features overcome obstacles inside apps, the infrastructure, authentication methods, and more that do not permit interaction between the app and external services.
This feature ensures that apps will be able to efficiently utilize cookies from the F5 Anti-Bot SDK and connect to protected hosts.
Multiple Cookie Manager Mediation tackles one of the hardest problems in mobile threat defense. Mobile apps that are built with secure cookie management systems interfere with the cookie exchange required for external MTD services, like the F5 Anti-Bot SDK. When this occurs, apps are unable to efficiently utilize cookies from the F5 Anti-Bot SDK, and will not be able to connect to the protected host. Rather than rebuild the app, Multiple Cookie Manager Mediation securely and dynamically retrieves, reconciles, and manages cookie exchange on behalf of in-app cookie managers and frameworks. The new app is now able to mediate between multiple cookie managers to automatically resolve cookie exchange, inclusion, and removal across multiple cookie managers inside an app. It also includes features like, Dynamic Cookie Stickiness (For iOS apps), which ensures that F5 Anti-Bot cookies will remain sticky when possible across application transitions.
This feature ensures that no connections are blocked by the BIG-IP servers and protects all the required connections with Anti-Bot protection.
This helps when F5 Anti-Bot takes several seconds to fully initialize and provide the mobile app that is trying to connect to the protected host with a valid cookie. Most mobile apps have connections to servers and external URLs other than the protected host. And as a result of the initialization delay, these connections may be blocked by the BIG-IP server. SMARTConnect waits for the valid cookie to be issued to the mobile app and thereby assures that no connections are blocked by the BIG-IP servers and protects all the required connections with Anti-Bot protection.
In order to use Appdome’s no code implementation of the F5 Anti-Bot SDK on Appdome, you’ll need:
Follow these step-by-step instructions to add F5 Anti-Bot Protection to Android & iOS Apps
Note: if you are prompted with an error message stating that your application’s Swift version is incompatible with one of the supported SDK’s Swift version please read follow the steps for Matching Versions of Swift when Fusing F5 Anti-bot SDK
Congratulations! You now have a secured mobile F5 Anti-Bot Protection
After successfully securing your app using Appdome, there are several available options to complete your project, depending on your app lifecycle or workflow. These include:
Or, see this quick reference Releasing Secured Android & iOS Apps built on Appdome.
To zoom out on this topic, visit the Mobile Threat section on our website, or Request a demo at any time.
If you have any questions, please send them our way at firstname.lastname@example.org or via the chat window on the Appdome platform.