How to Use F5 Anti-Bot in Android & iOS Apps

Last updated October 20, 2024 by Appdome

Important: Service for F5 Anti-Bot has ended as of December 31st 2023.
We invite you to upgrade to our Mobile Bot Defense solution for enhanced mobile app security. For more information, please contact our support team at support.appdome.com.

The F5 Anti-Bot SDK enables customers to detect and protect mobile applications from bot attacks. This Knowledge Base article describes how to add F5 Anti-Bot protection to Android & iOS apps and implement the SDK in less than 10 minutes –  no code or coding required.

About Adding F5 Anti-Bot Protection using Appdome

Using Appdome, mobile applications will use the F5 Anti-Bot SDK to protect applications against bots, vulnerability scanners, content scraping, and other automated attack vectors as if the code was natively added to the application. Appdome for F5 Anti-Bot is compatible with mobile applications built in any development environment including Native Android and iOS apps, hybrid applications, and non-native applications built in platforms such as Maui, Xamarin, Cordova, React Native, and Ionic. This streamlines implementations, cuts development work, and ensures a guaranteed and consistent integration of Anti-Bot to any mobile application.

Appdome for F5 Anti-Bot enables you to protect multiple domains, either by providing a list of domains or with a ‘wildcard’ syntax (using a period instead of the subdomain, for example: .domain.com). Thus supporting use cases where the protected Virtual Server serves multiple protected subdomains.

Key Features of Appdome for F5 Anti-Bot Protection

SECURECertificate Pinning

Customers who want to increase the overall security of the application server, and ensure that only valid end-users can access the service, can achieve this by protecting the certificate Hash. As a result, the mobile app can only connect to their BIG-IP. Mobile Threat Control encrypts the F5 certificate Hash at the time of Fusion.

Host Custom Port

The F5 Anti-Bot SDK requires the use of a standard HTTP/HTTPS port. Some customers have configured their networks with non-standard or custom HTTP/HTTPS ports. In these cases, Host Custom Port bridges the gaps between the F5 Anti-Bot SDK and the customer’s network configuration, supporting the use of host custom ports.

Support Multiple Domains

Many customers want bot protection for more than one domain. Mobile Threat Control supports multiple domain protection, both for named domains and “wildcard” domains. All the protected domains have to resolve to the protected virtual server.

Mobile Threat Control – Appdome’s advanced features for F5 AntiBot

Appdome offers F5 Customers additional Mobile Threat Controls. These advanced features solve more complex or demanding deployments where the standard F5 anti-bot SDK isn’t sufficient. These features overcome obstacles inside apps, the infrastructure, authentication methods, and more that do not permit interaction between the app and external services.

Multiple Cookie Manager Mediation

This feature ensures that apps will be able to efficiently use cookies from the F5 Anti-Bot SDK and connect to protected hosts.

Multiple Cookie Manager Mediation tackles one of the hardest problems in mobile threat defense. Mobile apps that are built with secure cookie management systems interfere with the cookie exchange required for external MTD services, like the F5 Anti-Bot SDK. When this occurs, apps are unable to efficiently utilize cookies from the F5 Anti-Bot SDK, and will not be able to connect to the protected host. Rather than rebuild the app, Multiple Cookie Manager Mediation securely and dynamically retrieves, reconciles, and manages cookie exchange on behalf of in-app cookie managers and frameworks. The new app is now able to mediate between multiple cookie managers to automatically resolve cookie exchange, inclusion, and removal across multiple cookie managers inside an app. It also includes features like, Dynamic Cookie Stickiness (For iOS apps), which ensures that F5 Anti-Bot cookies will remain sticky when possible across application transitions.

SMARTConnectTM

This feature ensures that no connections are blocked by the BIG-IP servers and provides anti-bot protection to all required connections.

This helps when F5 Anti-Bot takes several seconds to fully initialize and provide the mobile app that is trying to connect to the protected host with a valid cookie. Most mobile apps have connections to servers and external URLs other than the protected host. And as a result of the initialization delay, these connections may be blocked by the BIG-IP server. SMARTConnect waits for the valid cookie to be issued to the mobile app and thereby assures that no connections are blocked by the BIG-IP servers and protects all the required connections with Anti-Bot protection.

Prerequisites for using Appdome for F5 Anti-Bot

Using Appdome’s no code implementation of the F5 Anti-Bot SDK on Appdome requires:

3 Easy Steps to Add F5 Anti-Bot Protection to Android & iOS Apps

Follow these step-by-step instructions to add F5 Anti-Bot Protection to Android & iOS Apps

  1. Upload an Android or iOS App to Appdome’s no code security platform (.apk, .aab, or .ipa)
  2. In the Build tab, under Mobile Threat, Select F5 Anti-Bot (and your BIG IP server configurations and options)
  3. Click Build My App

BIG IP Server Configurations and Options

  1. Select F5 Anti-Bot
  2. Enter your Protected Host.
    By default, the Anti-Bot SDK operates with SSL enabled. If you would like to disable SSL, please contact Appdome support to enable the feature.

    Note:
     The FQDN (Fully Qualified Domain Name) specified here as the Protected Host will be protected by the F5 Anti-Bot solution. When the application attempts to connect to this FQDN, it will be connected to the IP of a Virtual Server defined on the BIG-IP platform. If you do not have a resolvable hostname and are using an IP address to access the host, with SSL implemented on the server-side, it is unlikely that the connection will succeed. In this case, the app might not trust the host. To mitigate this, you can use Appdome’s Auto-Pin Trusted Domainsfeature, in the Access tab, so the app will not fail on mismatching certificates. To upgrade your account with permission to the Access tab, please contact Appdome Support.
  3. Enter the verification pin you received from Appdome’s AntiBot Verification app.
  4. Support Multiple Domains  – allow you to protect more than one domain. When adding multiple domains, you can add a domain or a “wildcard” domain that has a period instead of the sub-domain.
    Note: All protected domains should resolve to the protected Virtual Server.
  5. SECUREcertificate pining – if certificate pinning is needed in your configuration, supply your F5 certificate Hash generated in the F5 Anti-Bot SDK Process.
  6. Host Custom Port – if your BIG-IP virtual server is using a non-standard HTTP/HTTPS port.
  7. Multiple Cookie Managers Mediation  – Ensures that apps will be able to efficiently utilize cookies from the F5 Anti-Bot SDK and connect to protected hosts.
  8. SMARTConnectTM –  dynamically reorder the app’s network and URL connections to align with the initialization of the AntiBot SDK.
  9. Click Build My App.

Note: if you are prompted with an error message stating that your application’s Swift version is incompatible with one of the supported SDK’s Swift version please read follow the steps for Matching Versions of Swift when Fusing F5 Anti-bot SDK

No-code integration of the F5 Anti-bot SDK in any iOS/Android app

Congratulations! You now have a secured mobile F5 Anti-Bot Protection

Success message

How to Sign & Publish Secured Mobile Apps Built on Appdome

After successfully securing your app using Appdome, there are several available options to complete your project, depending on your app lifecycle or workflow. These include 

Or, see this quick reference Releasing Secured Android & iOS Apps built on Appdome. 

More Mobile Threat Resources

To zoom out on this topic, visit the Mobile Threat section on our website, or Request a demo at any time.
If you have any questions, please send them our way at support.appdome.com or via the chat window on the Appdome platform.

Related Articles

Thank you!

Thanks for visiting Appdome! Our mission is to secure every app on the planet by making mobile app defense easy. We hope we’re living up to the mission with your project. If you don’t already have an account, you can sign up for free.

 

Appdome

Want a Demo?

Mobile Bot Defense

AlanWe're here to help
We'll get back to you in 24 hours to schedule your demo.