For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

buzzkin's avatar
buzzkin
Icon for Altostratus rankAltostratus
Jun 29, 2023
Solved

Different policies same destination and pool

Hello, I started recently administrated a f5 big-ip waf. The previous administrator created a single virtual server for multiple websites (there are multiple SSL certificates on this virtual server...
security
  • Mohamed_Salah_'s avatar
    Mohamed_Salah_
    Jun 29, 2023

    Hello,

    Since the current setup now is using one virtual server IP for all services, and multiple ceritficates, you can create a LTM policy and start checking for the host header and based on this, apply the appropriate ASM polict based on this service.

    For example:

    Rule1:

    if host header = www.abc.com when http request, Action: apply ASM policy 1.

    Rule2:

    if host header = www.aaa.com when http request, Action: apply ASM policy 2.

    and so on, until you apply different ASM policies on all services. and then add a default rule at the end of the LTM policy, for exmaple (forward to pool x or disable ASM)

    A fter finishing the policy, you must publish it and then assign the policy to the virtual server. everytime you caan to add/modify rule, you will need first to clone it and then modify the rules, and publish the policy again.

    here is an example:

    Thanks,

buzzkin's avatar
buzzkin
Icon for Altostratus rankAltostratus
Jun 29, 2023

Just for clarifying, now we have one virtual server - multiple SSL certificates - one destination IP - one server pool.

We want to get to multiple virtual servers- one SSL certificate per virtual server - one destination IP - one server pool

Basically F5 will do the routing through virtual server only by SSL certificate assigned.

Just to confirm if that is ok, 

Thank you!