Corsha's Integration with F5 BIG-IP for Automated API Protection
Blog Article by Corsha
How It Works
F5 BIG-IP is a suite of hardware and software solutions designed to enhance security, reliability, and performance across networks and applications. BIG-IP’s modular design allows organizations to combine various services in flexible and customizable ways to meet specific network and application needs. Each BIG-IP service operates as a separate module but integrates seamlessly within the platform. By leveraging BIG-IP services such as Local Traffic Manager (LTM), Access Policy Manager (APM), and SSL Orchestrator, Corsha integrates with F5 to create a Corsha-protected BIG-IP demo.
The diagram above illustrates the process of sending a request to an upstream service through BIG-IP with a Corsha credential check:
1. A Corsha Authenticator sits beside the API client, adding a Corsha credential header to each request the client makes to the F5 Virtual Server.
2. The Virtual Server extracts the cred from the header into memory.
3. The configured HTTP Connector passes the cred to Corsha’s Identity Provider for validation.
4. If the cred is valid, the HTTP Connector forwards the request to the upstream service. If it is invalid, the request is blocked.
5. A response is returned to the API client.
In this integration, BIG-IP’s HTTP Connector acts as the Corsha Gatekeeper by utilizing the APM and LTM BIG-IP services to perform a cred check against the Corsha Identity Provider. If these single-use MFA credentials are valid, the request is forwarded to the upstream API service. The HTTP Connector is used to manage HTTP/HTTPS traffic and allows the system to modify data like headers, cookies, and payloads, which is how we extract the Corsha credential from the header. The HTTP Connector also allows for custom traffic handling through iRules. Using an iRule, we were able to capture the Corsha credential from the HTTP request header into a perflow variable that could then be used in the HTTP Connector Request to verify the credential against the Corsha Platform. Finally, a BIG-IP Per-Request Access Policy decides whether the request is forwarded to the API Server or forbidden, based on the Corsha Identity Provider’s response.
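The per-request decision described above, modeled in Python as an added example (not Corsha's or F5's code). The header name, the stub identity provider, and the choice to deny when the provider is unreachable are assumptions of this example; the page does not specify them.

```python
"""Constructed model of a per-request credential gate: forward or forbid."""
from dataclasses import dataclass, field

# Hypothetical header name; the real Corsha header is not given on the page.
CRED_HEADER = "x-example-credential"


class IdpUnavailable(Exception):
    """The identity provider could not be reached."""


@dataclass
class StubIdentityProvider:
    """Stand-in for the identity provider: each issued credential validates once."""
    issued: set = field(default_factory=set)
    available: bool = True

    def validate(self, cred: str) -> bool:
        if not self.available:
            raise IdpUnavailable("identity provider unreachable")
        if cred in self.issued:
            self.issued.remove(cred)  # single use: a replayed credential fails
            return True
        return False


def gate(headers: dict, idp: StubIdentityProvider, log: list) -> str:
    """Return "forward" or "forbidden" for one request; append a log message."""
    # Capture the credential from the request header (names are case-insensitive).
    cred = next((v for k, v in headers.items() if k.lower() == CRED_HEADER), "")
    cred = cred.strip()
    if not cred:
        log.append("deny reason=missing_credential")
        return "forbidden"
    # Ask the identity provider; no answer is treated as a deny (assumption).
    try:
        valid = idp.validate(cred)
    except IdpUnavailable:
        log.append("deny reason=idp_unavailable")
        return "forbidden"
    # Forward only on an explicit "valid" verdict. The credential value itself
    # is never written to the log.
    if not valid:
        log.append("deny reason=invalid_or_replayed")
        return "forbidden"
    log.append("allow")
    return "forward"
```

The `log` list stands in for the messages a gateway would forward to syslog or a SIEM; each denial carries a distinct reason so missing, replayed, and unverifiable credentials can be told apart.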
Key Benefits
This integration offers some key benefits:
Enhances API Protection for Automated Connections through F5 BIG-IP: Implements Corsha’s single-use multi-factor authentication tokens to provide an additional layer of protection for systems already using F5 BIG-IP as an API Gateway.
Log Forwarding for Non-Human Identity Traffic Observability: Enables custom messages to be logged and forwarded to Remote Syslog or Splunk, enhancing observability on API traffic.
Provides Granular Control Over API Access: Defines and enforces detailed access policies based on user attributes, such as one-time Corsha credentials, with BIG-IP Per-Request Policies. These policies are highly configurable and apply to each request individually.
Seamlessly Enables SSL Encryption for Automated HTTP Traffic: Easily secures HTTP traffic by enabling Client and Server SSL Encryption through BIG-IP SSL Profiles. This ensures that all data transmitted over your network is encrypted, protecting sensitive information from interception and tampering.
Whether the goal is to improve security, gain more precise control over access, or ensure that sensitive data is fully encrypted, F5’s BIG-IP gateway provides a strong, reliable, and adaptable way to protect access to essential systems. BIG-IP application delivery and security software scales application traffic and secures infrastructure, whether your applications live in a private data center or in the cloud.
Corsha's integration with F5 BIG-IP enables Corsha and F5 customers to easily add dynamic identity and authentication to all automated API traffic. This integration provides observability and management over automated API connections and allows F5 customers to take it to the next level with MFA for APIs through single-use credentials via a simple HTTP Connector in F5's Access Policy Manager (APM). F5 BIG-IP plus Corsha elevates automated API traffic protection by providing stronger authentication, access control, and application security monitoring.