Forum Discussion
Zebra_131802
Nimbostratus
NimbostratusASM httpclass to local policy
I am doing some work to migrate asm policies based on httpclass to local traffic policies,
Currently I have a number asm policies applied to the same virtual server through a number of httpclass...
Hannes_RappNimbostratus
NimbostratusYou do not need to define a default ASM policy. You only need to define a default ASM action which could be "ASM Disable".
Use the lp_sample for your reference.
action_default If HTTP path match is false, request will receive TCP/RST packet from F5 in response
action_conditional1 If HTTP path match is true (/parentpath/subpath/path1 or /parentpath/subpath/anotherpath), F5 will enable ASM security policy sp_securitypolicy1 action_conditional2 If HTTP path match is true (/parentpath/path2 or /parentpath/anotherpath2), F5 will enable ASM security policy sp_securitypolicy2ltm policy /Common/lp_sample {
controls { asm forwarding }
requires { http }
rules {
action_conditional1 {
actions {
0 {
asm
enable
policy /Common/sp_securitypolicy1
}
}
conditions {
0 {
http-uri
path
values { /parentpath/subpath/path1 /parentpath/subpath/anotherpath }
}
}
ordinal 2
}
action_conditional2 {
actions {
0 {
asm
enable
policy /Common/sp_securitypolicy2
}
}
conditions {
0 {
http-uri
path
values { /parentpath/path2 /parentpath/anotherpath2 }
}
}
ordinal 3
}
action_default {
actions {
0 {
forward
reset
}
1 {
asm
disable
}
}
ordinal 1
}
}
strategy /Common/best-match
}
