Forum Discussion

Preet_pk's avatar
Icon for Cirrus rankCirrus
Mar 17, 2022

ASM Policy


We have multiple web applications running on a single Virtual server with host/domain based pool routing.

For eg:


switch [string tolower [HTTP::host]] { {
pool Red_Pool1 } {
pool Green_Pool1 }


Just want to know if i need to apply ASM policy, do i need to apply seperate ASM policy one for "" & "" or a single ASM policy for both domain.

Will ASM policy works from top to bottom?


1 Reply

  • Hello, you can use ASM::policy syntax to attach a different policy.

    • This requires that you have at least a minimal ASM Policy attached to the Virtual Server for the ASM commands to become available.
    • If you don't use ASM::enable or ASM::disable syntax, default policy applied to VS will be applied to traffic


    when HTTP_REQUEST {
      switch [string tolower [HTTP::host]] { {
          pool Red_Pool1
          ASM::enable <policy1> 
        } { 
          pool Green_Pool1 
          ASM::enable <policy2>



    Regarding your question about using different policies, it very much depends on the portals you're protecting.

    I would recommend doing so if the application are very different, as a single "do it all" policy will loosen up the protection because you'll need to enable a lot of things required to make one portal work that might expose threats on the other one, and vice versa.