Forum Discussion

Juan_Fernando_B's avatar
Juan_Fernando_B
Icon for Nimbostratus rankNimbostratus
Jan 10, 2018

Different Applications Sharing IP address and Port in a same server

Hello, I have the following scenario, I have two applications running into a server where they share IP address and port, they are differentiated by the URL only, for example Application 1 URL is : and Application 2 URL is: . The first question is how do I handle this in order to send the traffic of both applications correctly? I know there is a way with traffic policies but is not clear for me, since there will be only one virtual server created for both applications. The second question is how I can apply different security policies since there is ASM module also needed to be installed?

 

  • Hello,

    For the good news, there's nothing complex here, just look into Local Traffic Policy feature. Both requirements can be fulfilled. Since your web-server already can distinguish between two different apps due to its own Web Server listener configuration, your BigIP configuration can be done with a single LTM pool.

    Test in your lab or staging environment the following:

    1 Virtual Server/1 Local Traffic Policy/1 LTM Pool/2 ASM policies

    Local Traffic Policy Logic:

    • Default Rule and Action - Select
      ASMpolicy1
    • Conditional Rule and Action - If HTTP path starts with
      /app2
      , select
      ASMpolicy2

    LTM Pool:

    • LTM Pool is just mapped as Default Pool in Virtual Server configuration

    Regards,

  • Hello,

    For the good news, there's nothing complex here, just look into Local Traffic Policy feature. Both requirements can be fulfilled. Since your web-server already can distinguish between two different apps due to its own Web Server listener configuration, your BigIP configuration can be done with a single LTM pool.

    Test in your lab or staging environment the following:

    1 Virtual Server/1 Local Traffic Policy/1 LTM Pool/2 ASM policies

    Local Traffic Policy Logic:

    • Default Rule and Action - Select
      ASMpolicy1
    • Conditional Rule and Action - If HTTP path starts with
      /app2
      , select
      ASMpolicy2

    LTM Pool:

    • LTM Pool is just mapped as Default Pool in Virtual Server configuration

    Regards,

    • Juan_Fernando_B's avatar
      Juan_Fernando_B
      Icon for Nimbostratus rankNimbostratus

      Thanks a lot for your answer, just to confirm, as the Default Action you mean it is the Security Policy that is configured in the regular way in the Virtual Server Policies?

       

    • Hannes_Rapp_162's avatar
      Hannes_Rapp_162
      Icon for Nacreous rankNacreous

      Virtual Server - Resources - Policies
      . Here you map that Local Traffic Policy which selects ASM policy based on best-match criteria. And you only need one Local Traffic Policy not two.

      If you have mapped your Virtual Server to ASM policies in other ways, those should be removed. This includes the default Local Traffic Policy that is created when you first create your ASM policy as per standard procedure.

  • Hello,

    For the good news, there's nothing complex here, just look into Local Traffic Policy feature. Both requirements can be fulfilled. Since your web-server already can distinguish between two different apps due to its own Web Server listener configuration, your BigIP configuration can be done with a single LTM pool.

    Test in your lab or staging environment the following:

    1 Virtual Server/1 Local Traffic Policy/1 LTM Pool/2 ASM policies

    Local Traffic Policy Logic:

    • Default Rule and Action - Select
      ASMpolicy1
    • Conditional Rule and Action - If HTTP path starts with
      /app2
      , select
      ASMpolicy2

    LTM Pool:

    • LTM Pool is just mapped as Default Pool in Virtual Server configuration

    Regards,

    • Juan_Fernando_B's avatar
      Juan_Fernando_B
      Icon for Nimbostratus rankNimbostratus

      Thanks a lot for your answer, just to confirm, as the Default Action you mean it is the Security Policy that is configured in the regular way in the Virtual Server Policies?

       

    • Hannes_Rapp's avatar
      Hannes_Rapp
      Icon for Nimbostratus rankNimbostratus

      Virtual Server - Resources - Policies
      . Here you map that Local Traffic Policy which selects ASM policy based on best-match criteria. And you only need one Local Traffic Policy not two.

      If you have mapped your Virtual Server to ASM policies in other ways, those should be removed. This includes the default Local Traffic Policy that is created when you first create your ASM policy as per standard procedure.