The F5 Anti-Bot SDK allows users to detect and protect mobile applications from bot attacks.
This Knowledge Base article describes the F5 Anti-Bot SDK no-code integration and explains how to upgrade any mobile application with it in minutes, no code or coding required.
About No Code F5 Anti-Bot Integration on Appdome
Using Appdome, mobile applications will use the F5 Anti-Bot SDK to protect applications against bots, vulnerability scanners, content scraping, and other automated attack vectors as if the code was natively added to the application. Appdome for F5 Anti-Bot is compatible with mobile applications built in any development environment including Native Android and iOS apps, hybrid applications and non-native applications built in Xamarin, Cordova, and React Native, Ionic and more. This streamlines implementations, cuts development work, and ensures a guaranteed and consistent integration of Anti-Bot to any mobile application.
Appdome for F5 Anti-Bot enables you to protect multiple domains, either by providing a list of domains or with a ‘wildcard’ syntax (using a period instead of the subdomain, e.g. .domain.com). Thus supporting use-cases where the protected Virtual Server serves multiple protected subdomains.
Using Appdome, there are no development or coding prerequisites. For example, there is no Appdome SDK, libraries, or plug-ins to implement. Likewise, there are no required infrastructure changes and no dependency on any networking API inside the application. The Appdome technology adds F5’s Anti-Bot the application automatically, with no manual development work at all.
Prerequisites for using Appdome for F5 Anti-Bot
In order to use Appdome’s no code implementation of the F5 Anti-Bot SDK on Appdome, you’ll need:
- Appdome account
- Appdome-DEV access (Required for Appdome’s Mobile Threat Control advanced features for F5 AntiBot)
- Mobile application (.ipa for iOS, or .apk for Android)
If you are using a Swift iOS application, please verify it has been compiled with a supported Swift version
- A server protected by F5’s BIG-IP
- Your BIG-IP certificate hash (optional) – if you configured your BIG-IP system to support certificate pinning, for more info see: https://support.f5.com/kb/en-us/products/big-ip_asm/manuals/product/asm-implementations-13-1-0/43.html
- Signing Credentials (e.g. signing certificates and provisioning profile)
How to Add the F5 Anti-Bot SDK to Any Mobile App on Appdome
Follow these step-by-step instructions to add F5’s Anti-Bot SDK to any mobile app:
Upload a Mobile Application to Your Account
From the Build tab, Add F5 Anti-Bot
Select the Build Tab. Note: a blue underline will appear showing the step is active
Beneath the Build Tab, you will find several service options. Select the Mobile Threat category. Note: a blue highlight will appear showing the category is active.
- Under Service Selection enable Mobile Threat Services. From the drop-down list, select F5 Anti-Bot
- Enter your Protected Host.
By default, the Anti-Bot SDK operates with SSL enabled. If you would like to disable SSL, please contact Appdome support to enable the feature.
Note: The FQDN (Fully Qualified Domain Name) specified here as the Protected Host will be protected by the F5 Anti-Bot solution. When the application attempts to connect to this FQDN, it will be connected to the IP of a Virtual Server defined on the BIG-IP platform.If you do not have a resolvable hostname and you are using an IP address to access the host, with SSL implemented on the server-side, it is unlikely that the connection will succeed. In this case, the app might not trust the host. To mitigate this, you can use Appdome’s Auto-Pin Trusted Domainsfeature, in the Access tab, so the app will not fail on mismatching certificates. To upgrade your account with permission to the Access tab, please contact Appdome Support.
Note: if you are prompted with an error message stating that your application’s Swift version is incompatible with one of the supported SDK’s Swift version please read follow the steps for Matching Versions of Swift when Fusing F5 Anti-bot SDK
Mobile Threat Control – Appdome’s advanced features for F5 AntiBot
Appdome offers F5 Customers the Mobile Threat Control advances features set. These advanced features solve more complex or demanding deployments where the standard F5 anti-bot SDK isn’t sufficient. These features overcome obstacles inside apps, the infrastructure, authentication methods and more that do not permit interaction between the app and external services.
To upgrade your account to Partner Ideal-DEV account, please contact Appdome Support.
SMARTInitialization tackles one of the hardest problems in mobile threat defense. Mobile apps that are built with secure cookie management systems interfere with the cookie exchange required for external MTD services, like the F5 Anti-Bot SDK. When this occurs, apps are unable to efficiently utilize cookies from the F5 Anti-Bot SDK, and will not be able to connect to the protected host. Rather than rebuild the app, SMARTInitialization securely and dynamically retrieves, reconciles and manages cookie exchange on behalf of in-app cookie managers and frameworks. SMARTInitialization can mediate between multiple cookie managers to automatically resolve cookie exchange, inclusion, and removal across multiple cookies managers inside an app. SMARTInitialization also includes features like, Dynamic Cookie Stickiness (For iOS apps), that ensures that F5 Anti-Bot cookies will remain sticky when possible across application transitions.
The F5 Anti-Bot can take several seconds to fully initialize and provide the mobile app that is trying to connect to the protected host with a valid cookie. Most mobile apps have connections to servers and external URLs other than the protected host. And as a result of the initialization delay, these connections may be blocked by the BIG-IP server. SMARTConnect waits for the valid cookie to be issued to the mobile app and thereby assures that no connections are blocked by the BIG-IP servers and protects all the required connections with Anti-Bot protection.
Customers who want to increase the overall security of the application server and ensure that only valid end-users can access the service can achieve this by protecting the certificate Hash. As a result, the mobile app can only connect to their BIG-IP. Mobile Threat Control encrypts the F5 certificate Hash at time of Fusion.
Host Custom Port
The F5 Anti-Bot SDK requires the use of a standard HTTP/HTTPS port. Some customers have configured their networks with non-standard or custom HTTP/HTTPS ports. In these cases, Mobile Threat Control bridges the gaps between the F5 Anti-Bot SDK and the customer’s network configuration, supporting the use of host custom ports.
Support Multiple Domains
Many customers want bot protection for more than one domain. Mobile Threat Control supports multiple domain protection, both for named domains and “wildcard” domains. All the protected domains have to resolve to the protected virtual server.
How to Add Mobile Threat Control to Any Mobile App on Appdome
Follow these step-by-step instructions to add Mobile Threat Control to any mobile app:
Expend the Mobile Threat Control Catagory:
- SMARTInitializationTM – SmartInitialization dynamically reconciles and resolve cookie exchange on behalf of internal cookie managers and frameworks included in the app.
- Multiple Cookie Managers Mediation – automatically resolve cookie changes, inclusion, and removal across multiple cookies managers.
- Dynamic Cookie Stickiness (For iOS apps) – AntiBot cookies will remain sticky when possible across application transitions.
- SMARTConnectTM – dynamically reorder the app’s network and URL connections to align with the initialization of the AntiBot SDK.
- SECUREcertificate pining – if certificate pinning is needed in your configuration, supply your F5 certificate Hash generated in the F5 Anti-Bot SDK Process.
- Host Custom Port – if you’re BIG-IP virtual server is using a non-standard HTTP/HTTPS port.
- Support Multiple Domains – allow you to protect more than one domain. When adding multiple domains, you can add a domain or a “wildcard” domain that has a period instead of the sub-domain.
Note: All protected domains should resolve to the protected Virtual Server.
- Click Build My App.
The technology behind Build My App has two major elements – (1) a microservice architecture filled with thousands of code sets needed for mobile integrations, and (2) an adaptive code generation engine that can recognise the development environment, frameworks and methods in each app and match the app to the relevant code-sets needed to add the F5 Anti-Bot SDK to the mobile app in seconds.
Congratulations! You now have a mobile app fully integrated your mobile application with the F5 Anti-Bot.
After Adding F5 Anti-Bot to a Mobile App on Appdome
After you have added the F5 Anti-Bot SDK to any mobile application on Appdome, there are a few additional steps needed to complete your mobile upgrade project.
Please view the article here on How to Complete My Mobile Integration Project After I Build My App.
That is it – Enjoy your application that has been integrated with the F5 Anti-Bot Mobile SDK.
How Do I Learn More?
To zoom out on this topic, visit the Mobile Threat section on our website or Request a demo at any time.
If you have any questions, please send them our way at email@example.com or via the chat window on the Appdome platform.