The F5 Anti-Bot SDK allows users to detect and protect mobile applications from bot attacks.
This Knowledge Base article describes the F5 Anti-Bot SDK no code integration and explains how to upgrade any mobile application with it in minutes, no code or coding required.
About No Code F5 Anti-Bot Integration on Appdome
Using Appdome, mobile applications will use the F5 Anti-Bot SDK to protect applications against bots, vulnerability scanners, content scraping, and other automated attack vectors as if the code was natively added to the application. Appdome for F5 Anti-Bot is compatible with mobile applications built in any development environment including Native Android and iOS apps, hybrid applications and non-native applications built in Xamarin, Cordova, and React Native, Ionic and more. This streamlines implementations, cuts development work, and ensures a guaranteed and consistent integration of Anti-Bot to any mobile application.
Appdome for F5 Anti-Bot enables you to protect multiple domains, either by providing a list of domains or with a ‘wildcard’ syntax (using a period instead of the subdomain, e.g. .domain.com). Thus supporting use-cases where the protected Virtual Server serves multiple protected subdomains.
Using Appdome, there are no development or coding prerequisites. For example, there is no Appdome SDK, libraries, or plug-ins to implement. Likewise, there are no required infrastructure changes and no dependency on any networking API inside the application. The Appdome technology adds F5’s Anti-Bot the application automatically, with no manual development work at all.
Prerequisites for using Appdome for F5 Anti-Bot
In order to use Appdome’s no code implementation of the F5 Anti-Bot SDK on Appdome, you’ll need:
- Appdome account
- Appdome-DEV access
- Mobile application (.ipa for iOS, or .apk for Android)
If you are using a Swift iOS application it will need to use a supported Swift version, see: matching Swift versions with apps and an SDK
- A server protected by F5’s BIG-IP
- Your BIG-IP certificate hash (optional) – if you configured your BIG-IP system to support certificate pinning, for more info see: https://support.f5.com/kb/en-us/products/big-ip_asm/manuals/product/asm-implementations-13-1-0/43.html
- Signing Credentials (e.g. signing certificates and provisioning profile)
How to Add the F5 Anti-Bot SDK to Any Mobile App on Appdome
Follow these step-by-step instructions to add F5’s Anti-Bot SDK to any mobile app:
Upload a Mobile Application to Your Account
From the Build tab, Add F5 Anti-Bot
Select the Build Tab. Note: a blue underline will appear showing the step is active
Beneath the Build Tab, you will find several service options. Select Mobile Threat category. Note: a blue highlight will appear showing the category is active.
- Under Service Selection enable Mobile Threat Services. From the drop-down list, select F5 Anti-Bot
- Enter your Protected Host
Note: by default, the Anti-Bot SDK operates with SSL enabled. If you would like to disable SSL, please contact us to enable the feature.
- If you have an Appdome-GO license, you can use a Host Custom Port, if you’re BIG-IP virtual server is using a non-standard http/https port.
- Supply your BIG-IP certificate hash, if certificate pinning is needed in your configuration (optional).
- You can enable Delay Out-of-Band Connectivity for your Fused application. When the toggle is on, the app communication with non Big-IP resources will be blocked until Anti-Bot service will be available. When the toggle is off, will allow the Fused application to communicate with Big-IP resources even when the Anti-Bot service is unavailable.
- Smart connect delays the application outbound connections to the Anti-Bot domain, except the connections needed for the successful initialisation of the Anti-Bot SDK. The connections are delayed until the Anti-Bot SDK has finish the initialisation process.
- If the application handles its own cookies, then the application cookie management may interfere with the cookie exchange required for the Anti-Bot initialisation process. Smart Cookie Management will intelligently apply and reconcile cookies based on cookie managers and frameworks included in the app. If the Dynamic Cookie Stickiness toggle is enabled, Anti-Bot cookies will remain sticky when possible across application transitions.
- Optionally, toggle Multiple Domains if you want to protect more than one domain.
Note: All protected domains should resolve to the protected Virtual Server.
- When adding multiple domains, you can add a domain or a “wildcard” domain that has a period instead of the sub-domain (as can be seen in the image below)
- Click Build My App.
Note: if you are prompted with an error message stating that your application’s Swift version is incompatible with one of the supported SDK’s Swift version please read follow the steps for Matching Versions of Swift when Fusing F5 Anti-bot SDK
Note: The FQDN (Fully Qualified Domain Name) specified here as the Protected Host will be protected by the F5 Anti-Bot solution. When the d application attempts to connect to this FQDN, it will be connected to the IP of a Virtual Server defined on the BIG-IP platform. See below (1). After policies are enforced by the BIG-IP platform, traffic is forwarded to the server defined as a pool member. (2).
Note: If you do not have a resolvable hostname and you are using an IP address to access the host, and you have SSL implemented on the server side, it is unlikely that the connection will succeed, since the app might not trust the host. To mitigate this, you can use our Auto-Pin Trusted Domains feature, in the Access tab, so the app will not fail on mismatching certificates:
The technology behind Build My App has two major elements – (1) a microservice architecture filled with thousands of code sets needed for mobile integrations, and (2) an adaptive code generation engine that can recognise the development environment, frameworks and methods in each app and match the app to the relevant code-sets needed to add the F5 Anti-Bot SDK to the mobile app in seconds.
Congratulations! You now have a mobile app fully integrated your mobile application with the F5 Anti-Bot.
After Adding F5 Anti-Bot to a Mobile App on Appdome
After you have added the F5 Anti-Bot SDK to any mobile application on Appdome, there are a few additional steps needed to complete your mobile upgrade project.
Please view the article here on How to Complete My Mobile Integration Project After I Build My App.
That is it – Enjoy your application that has been integrated with the F5 Anti-Bot Mobile SDK.
How Do I Learn More?
To zoom out on this topic, visit the Mobile Threat section on our website or Request a demo at any time.
If you have any questions, please send them our way at email@example.com or via the chat window on the Appdome platform.