Forum Discussion

THE_BLUE's avatar
THE_BLUE
Icon for Cirrostratus rankCirrostratus
Apr 29, 2020

Integrate mobile application with WAF

I have mobile app and I want to integrate it with WAF , the app using api and the server ip is used in api url ex: https://x.x.x.x/api , there is no domain name used. So I have assign public IP in virtual server , and replace server ip from api to public ip , so now the server ip in pool ..

I was thinking when open mobile app it will hit the api (that contain public ip) and from WAF the VS will reach the pool (server ip) but this does not works.

 

The app does not work and there is no hit or traffic in WAF .

 

Any idea ? is there any thing missing?

application delivery
ASM Advanced WAF
devops
irule
LTM

9 Replies

Sort By
  • Samir's avatar
    Samir
    Icon for MVP rankMVP
    Apr 30, 2020

    Not sure which app you are using and need to understand application traffic flow. API security (WAF/AWAF) play key role here. So, F5 consultant may help to optimize configuration based on your need.

     

    Thanks

  • Ivan_Chernenkii's avatar
    Ivan_Chernenkii
    Icon for Employee rankEmployee
    Apr 30, 2020

    Does traffic pass through VS to backend without ASM policy?

    If no, then most probably this is not WAF issue and you need to configure VS in specific way.

     

    Thanks, Ivan

    • THE_BLUE's avatar
      THE_BLUE
      Icon for Cirrostratus rankCirrostratus
      May 02, 2020

      Actually I have test that with ASM (not blocking mode) , but I noticed that the public ip does not reach the backend server. Cuz the first page in app is a login page, when I try to enter my user and pass there is a message show "user name or pass not correct" this is when the public ip placed in api url . But when i replace public ip with the backend ip in api url the app works fine.

       

      The idea from adding public ip in api url is to pass traffic through WAF and that public ip should reach the backend ip . I don't know of this the way doing that or not.

       

      Thanks

      • Ivan_Chernenkii's avatar
        Ivan_Chernenkii
        Icon for Employee rankEmployee
        May 02, 2020

        Sorry, I am not sure, that I fully understand your use case. Could you provide some examples of request - what you send and what you expect?

        I understand, that you want to protect your mobile APP with WAF, but again - does this  configuration work without WAF? Could you check it? It will help us better to understand on what side we have an issue.

         

        Thanks, Ivan