How to Use Cloudflare's WAF with Appdome MobileBOT™ Defense
Overview
Web Application Firewalls (WAFs), like the one offered by Cloudflare, play a crucial role in protecting web applications from a wide range of cyber threats. Using Cloudflare Workers with Appdome’s MobileBOT™ Defense solution offers app developers a streamlined approach to protect backend APIs against malicious bots and botnets, credential stuffing attacks, DDoS, invalid traffic and other automated attacks. In this guide, you will learn how to set up Appdome MobileBOT™ Defense and mutual TLS (mTLS).
Prerequisites for Using Cloudflare Workers
To use Appdome Mobile Anti-Bot Defense with Cloudflare Workers, you’ll need the following:
- Workers
- Workers KV
- An Android or iOS app that is secured by Appdome MobileBOT™ Defense
- An Appdome MobileBOT™ Defense License
Implementing Appdome MobileBOT™ Defense with Cloudflare Workers
Cloudflare Worker Setup
1. Install the Wrangler CLI tool
To install Wrangler, ensure you have Node.js and npm installed, preferably using a Node version manager like Volta or nvm. Using a version manager helps avoid permission issues and allows you to change Node.js versions. Wrangler requires a Node.js version of 16.13.0 or later.
Wrangler is installed locally into each of your projects. This allows you and your team to use the same Wrangler version, control Wrangler versions for each project, and roll back to an earlier version of Wrangler, if needed.
To install Wrangler within your Worker project, run:
npm install wrangler --save-dev
2. Run Wrangler Login
wrangler login
Workers KV Setup
1. Create a KV namespace called AD_NONCES. This namespace will be utilized within the worker.
2. After establishing the namespace, copy its ID.
3. Navigate to the folder provided by Appdome.
4. Click on the ‘wrangler.toml’ file.
5. Insert the ID number into the wrangler.toml file under kv_namespaces, specifically under the variable AD_NONCES.
6. Populate the following Appdome variables:
- AD_TARGET
- AD_HOST
- AD_SHARED_SECRET
- AD_COMPROMISED_SECRET
- AD_HEARTBEAT_VALIDITY
The basic form of the method put() should look like this:
Sample wrangler.toml Configuration
name = "cloudflare"
main = "src/worker.ts"
compatibility_date = "2023-09-04"
node_compat = true
# Variable bindings. These are arbitrary, plaintext strings (similar to environment variables)
# Note: Use secrets to store sensitive data.
# Docs: https://developers.cloudflare.com/workers/platform/environment-variables
[vars]
AD_TARGET = "www.appdome.com"
AD_HOST = "www.appdome.com"
AD_SHARED_SECRET = "123t"
AD_COMPROMISED_SECRET = "zxc123"
AD_HEARTBEAT_VALIDITY = "60"
# Bind a KV Namespace. Use KV as persistent storage for small key-value pairs.
# Docs: https://developers.cloudflare.com/workers/runtime-apis/kv
[[kv_namespaces]]
binding = "AD_NONCES"
id = ""
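A pre-deploy check for the configuration above, added here as an example and not part of Appdome's package or Cloudflare's tooling: it reads a wrangler.toml and reports unpopulated AD_ variables, an empty AD_NONCES namespace ID, and secret values left as plaintext in [vars]. Treating AD_SHARED_SECRET and AD_COMPROMISED_SECRET as sensitive and requiring a positive-integer AD_HEARTBEAT_VALIDITY are assumptions, as are the names readToml and lintWranglerToml.

```javascript
const REQUIRED_VARS = ["AD_TARGET", "AD_HOST", "AD_HEARTBEAT_VALIDITY"];
// Assumption: these two hold sensitive values, judging by their names.
const SECRET_VARS = ["AD_SHARED_SECRET", "AD_COMPROMISED_SECRET"];
// Reads only the TOML subset the sample uses: [table], [[array of tables]],
// key = "string" or bare value, # comments. Not a general TOML parser.
function readToml(text) {
  const doc = {};
  let cur = doc;
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    let m;
    if (!line || line.startsWith("#")) continue;
    if ((m = line.match(/^\[\[([\w.-]+)\]\]/))) {
      cur = {};
      (doc[m[1]] = doc[m[1]] || []).push(cur);
    } else if ((m = line.match(/^\[([\w.-]+)\]/))) {
      cur = doc[m[1]] = doc[m[1]] || {};
    } else if ((m = line.match(/^([\w.-]+)\s*=\s*(?:"([^"]*)"|([^#]*))/))) {
      cur[m[1]] = m[2] !== undefined ? m[2] : m[3].trim();
    }
  }
  return doc;
}

// Returns a list of findings; an empty list means the file passed.
function lintWranglerToml(text) {
  const cfg = readToml(text);
  const vars = cfg.vars || {};
  const findings = [];
  for (const name of REQUIRED_VARS)
    if (!vars[name]) findings.push(`error: ${name} is not populated`);
  for (const name of SECRET_VARS)
    if (name in vars) findings.push(`warn: ${name} is plaintext in [vars]`);
  // Assumption: the validity is a positive whole number, like the sample "60".
  const hb = vars.AD_HEARTBEAT_VALIDITY;
  if (hb && !/^[1-9]\d*$/.test(hb)) findings.push("error: AD_HEARTBEAT_VALIDITY is not a positive integer");
  const kv = [].concat(cfg.kv_namespaces || []).find((n) => n.binding === "AD_NONCES");
  if (!kv) findings.push("error: no [[kv_namespaces]] entry binds AD_NONCES");
  else if (!kv.id) findings.push("error: AD_NONCES id is empty");
  return findings;
}

// Constructed input: the guide's sample values, trimmed to what the lint reads.
const SAMPLE = [
  '[vars]', 'AD_TARGET = "www.appdome.com"', 'AD_HOST = "www.appdome.com"',
  'AD_SHARED_SECRET = "123t"', 'AD_COMPROMISED_SECRET = "zxc123"',
  'AD_HEARTBEAT_VALIDITY = "60"', '[[kv_namespaces]]', 'binding = "AD_NONCES"', 'id = ""',
].join("\n");
console.log(lintWranglerToml(SAMPLE).join("\n"));
```

To check a real file in Node.js, pass lintWranglerToml the contents of wrangler.toml read with fs.readFileSync.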
Provide a Private RSA Key
This private key is essential for payload decryption. It matches the public key provided during the build process.
The key should be saved in plain text in the src/worker.ts file.
1. Click on ‘src’
2. Click on ‘worker.ts’
Worker Deployment
Using the Wrangler CLI tool, execute the following command:
npm run deploy
Configure Custom Domain
To set up your custom domain, please refer to the instructions on Custom Domain Setup.
Setup SSL certificates and mTLS
Set up your SSL certificates via your Cloudflare environment. For a detailed guide, consult the Client Certificates documentation.
Optional: If you have enabled mTLS in your Appdome fusion set, make sure to also enable Cloudflare mTLS so that both sides authenticate each other. Learn more about enabling mTLS.
Conclusion
By using Cloudflare Workers Server and Appdome’s MobileBOT™ Defense, you can protect your backend APIs against malicious bots and enhance the security of mobile apps. By mastering and implementing the aforementioned configurations, businesses can safeguard and optimize their mobile app traffic.