Demo Guide: F5 Distributed Cloud CDN with WAAP (SaaS Console, Automation)
Use this guide with the provided GitHub repository of walk-through steps or Ansible scripts to explore the following scenario: deliver user applications to the edge securely with low latency and minimal compute per request at the same time with F5 Distributed Cloud (XC) Content Delivery Network (CDN) and Web App and API Protection (WAAP).
F5 CDN is built on a secure global private network to distribute apps, APIs, and services regionally and to do so securely by leveraging many of the “out-of-the-box” WAAP features of the XC Platform.
Points of presence (PoPs) on the F5 Global Network make it possible to run workloads close to users to improve application performance. Apps can be deployed, managed, and secured everywhere: across multiple public and private clouds, edge locations, and on-premises environments.
This demo guide explores the capabilities of F5 XC CDN features integrated with WAAP in both a step-by-step guide and by using automation scripts in Ansible. The goal is to deploy a sample app “BuyTime Online”, representative of a typical scenario of an e-Commerce online store. This example combines CDN with WAAP, allowing organizations that use F5 XC to deliver their apps and services globally while protecting their deployments with WAF policies.
The guide offers two ways to complete the configuration:
- Manually via the F5 XC console completing the flow step-by-step
- Automatically via the included Ansible scripts
First, an HTTP Load Balancer is set up with an App Firewall protection for the sample app. Redirect to HTTPS is enabled and an origin pool for the services is created. Blocking mode for the App Firewall is switched on meaning that the Distributed Cloud WAF will take mitigation action on offending traffic.
Afterward, we configure CDN, resulting in a high-performing low-latency content delivery via the Global Network. The resulting CDN-backed app is tested to showcase lowering the load time for the app with CDN, while some of the attempted malicious payloads are blocked by WAAP services in CDN.
In summary, this demo guide supports integrated security and content caching capabilities provided by F5 XC CDN and WAAP. Among the many benefits of this combined solution, there is the capability to use security policies anywhere across platforms and clouds, while ensuring content caching and containerized edge-based workloads for apps running close to users via the Global Network.
Visit the following resources for more information:
- GitHub repository with the step-by-step guide to set up and configure CDN with WAF
- Technical Article outlining service chaining of WAAP and CDN
- CDN product page
- WAF product page
- API Security product page