Forum Discussion

Nimbostratus

Dec 03, 2014

cascading asm policy

Hi, I do have web servers who needs more then one ASM policies because we want to have one global policy and one specific policy. Within the webUI there is a way to configure such thing with LTM...

Nimbostratus

Dec 03, 2014

according to F5 support this does not work:

Each Web application should have its own ASM policy, where configuration is made specifically to that web application.

The ASM policies can all be based on a basic ASM policy, and any change to a specific web application should be done in the specific ASM policy for that web application.

The only method of getting a layered ASM policy structure is to have the LTM policy rules referring to different ASM policies in different rules, based on some condition.

For example: Rule 1 - if URI starts with /site1/, send to ASM policy /site1-ASM-policy Rule 2 - if URI starts with /site2/, send to ASM policy /site2-ASM-policy

Assigning 2 actions of referring to 2 different ASM policies in the same rule and the same condition is not going to work. A single request is going to match that condition, but it won't be clear which ASM policy should process that request.

However I am also looking for some creative solution here as I am sure there must be some way on BIG-IP to achieve such a simple requirement.

Andreas

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)