Forum Discussion
CirrusASM Policy
Hi,
We have multiple web applications running on a single Virtual server with host/domain based pool routing.
For eg:
red.lab.ae
blue.labe.ae
irule:
when HTTP_REQUEST {
switch [string tolower [HTTP::host]] {
red.lab.ae {
pool Red_Pool1 }
green.lab.ae {
pool Green_Pool1 }
}
}
Just want to know if i need to apply ASM policy, do i need to apply seperate ASM policy one for "red.lab.ae" & "green.lab.ae" or a single ASM policy for both domain.
Will ASM policy works from top to bottom?
1 Reply
CA_ValliMVP
Hello, you can use ASM::policy syntax to attach a different policy.
- This requires that you have at least a minimal ASM Policy attached to the Virtual Server for the ASM commands to become available.
- If you don't use ASM::enable or ASM::disable syntax, default policy applied to VS will be applied to traffic
when HTTP_REQUEST { switch [string tolower [HTTP::host]] { red.lab.ae { pool Red_Pool1 ASM::enable <policy1> } green.lab.ae { pool Green_Pool1 ASM::enable <policy2> } } }Regarding your question about using different policies, it very much depends on the portals you're protecting.
I would recommend doing so if the application are very different, as a single "do it all" policy will loosen up the protection because you'll need to enable a lot of things required to make one portal work that might expose threats on the other one, and vice versa.
