Secure the Application
Securing the ChatBot is very important, but securing the full application first is even more important.
To achieve this, we will apply a WAAP protection configuration to our application, which will also help us against some of the OWASP Top 10 GenAI attacks.
We will enable and configure the following:
- App Firewall - F5XC Web Application Firewall based on negative security
- API discovery and protection based on the Arcadia Crypto OpenAPI Spec, which will allow us to protect the APIs and enforce positive security
- Bot protection
We have already published the application; now we will finish the security configuration.
We will start by configuring our App Firewall policy.
Web App & API Protection → App Firewall → Add App Firewall → Fill in the data below → Save and Exit

| Object | Value |
|---|---|
| Name | arcadia-waf |
| Enforcement Mode | blocking |

Create an API definition based on the pre-uploaded Arcadia Crypto OpenAPI Spec
Web App & API Protection → API Management → API Definition → Add API Definition → Fill in the data below → Save and Exit

| Object | Value |
|---|---|
| Name | arcadia-api-definition |
| OpenAPI Specification Files | Add Item → shared/api-arcadia-oas/v1-25-02-02 |

Now we will go to the Load Balancer config and do the rest:
Web App & API Protection → Load Balancers → HTTP Load Balancer → Click the 3 dots under the arcadia-re-lb row → Manage Configuration → Edit Configuration
Attach the Web Application Firewall policy to the HTTP Load Balancer

| Object | Value |
|---|---|
| Web Application Firewall (WAF) | Enable |
| Enable | <dynamic namespace>/arcadia-waf |

Enable BOT protection

| Object | Value |
|---|---|
| Bot Defense | Enable |
| Bot Defense Region | US |

In the same place, click Configure under Bot Defense Policy → Configure → Add Item → Fill in the data below → Apply → Apply → Apply

| Object | Value |
|---|---|
| Name | chatbot |
| HTTP Methods | POST |
| Endpoint Label | Undefined |
| Prefix | /v1/ai/chat |
| Select Bot Mitigation action | Block |

Enable API Discovery and API Protection

| Object | Value |
|---|---|
| API Discovery | Enable |
| API Definition | Enable → Choose <dynamic namespace>/arcadia-api-definition |
| Validation | API Inventory |

Click View Configuration under API Inventory → Fill in the config below

| Object | Value |
|---|---|
| Request Validation Enforcement Type | Block |
| Request Validation Properties | Enable all options |
| Fall Through Mode | Custom |

Click Configure under Custom Fall Through Rule List → Add Item → Fill in the config below → Apply → Apply → Apply → Save and Exit

| Object | Value |
|---|---|
| Name | only-apis |
| Action | Block |
| Type | Base Path |
| Base Path | /v1 |
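
To see what the request validation and the only-apis fall-through rule configured above do to different requests, here is a small Python model, added as an illustration and not F5 Distributed Cloud code. The endpoint list and the `question` body field are constructed stand-ins for the Arcadia Crypto spec, only required body fields are validated, and treating a method/path pair that is absent from the definition as a fall-through is an assumption of the model.

```python
import re

# Constructed stand-in for the API definition (hypothetical endpoints/fields).
SPEC = {
    ("POST", "/v1/ai/chat"): {"required_body": {"question"}},
    ("GET", "/v1/stock/{symbol}"): {"required_body": set()},
}
# Custom fall-through rule list with the lab values: Base Path /v1 -> Block.
FALL_THROUGH_RULES = [{"name": "only-apis", "base_path": "/v1", "action": "block"}]


def _template_to_regex(template):
    # "/v1/stock/{symbol}" becomes ^/v1/stock/[^/]+$
    parts = re.split(r"\{[^/{}]+\}", template)
    return re.compile("^" + "[^/]+".join(re.escape(p) for p in parts) + "$")


def _under_base_path(path, base):
    # Segment-aware prefix match: /v1 covers /v1 and /v1/x, but not /v10.
    base = base.rstrip("/")
    return path == base or path.startswith(base + "/")


def decide(method, path, body=None):
    """Return (verdict, reason) for one request, positive security first."""
    path = path.split("?", 1)[0]  # the query string is not part of the endpoint
    for (spec_method, template), rules in SPEC.items():
        if spec_method == method.upper() and _template_to_regex(template).match(path):
            missing = rules["required_body"] - set(body or {})
            if missing:
                return "block", "validation failed: missing " + ", ".join(sorted(missing))
            return "allow", "matches API definition"
    # No endpoint in the definition matched: consult the fall-through rules.
    for rule in FALL_THROUGH_RULES:
        if _under_base_path(path, rule["base_path"]):
            return rule["action"], "fall-through rule " + rule["name"]
    return "allow", "outside API base path (WAF and Bot Defense still apply)"


if __name__ == "__main__":
    for req in [("POST", "/v1/ai/chat", {"question": "hi"}), ("POST", "/v1/ai/chat", {}),
                ("GET", "/v1/internal/debug"), ("DELETE", "/v1/ai/chat"),
                ("GET", "/v10/page"), ("GET", "/index.html")]:
        print(req[:2], "->", decide(*req))
```
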