Forum Discussion

Torti's avatar
Torti
Icon for Cirrus rankCirrus
Jan 09, 2015

enabling ASM on VS requires Websecurity module (11.5.1)

Hi,   I have a question about the security module. I want to enable a ASM policy with ASM::enable POLICY1, but the system says   ASM::enable in rule (/Common/Irulexxx) requires an associated ...
application delivery
ASM Advanced WAF
devops
iRules
LTM
security
David_Remington's avatar
David_Remington
Icon for Employee rankEmployee
Jan 09, 2015

Torti,

 

Think of the LTM policy and the associated ASM policy in the same way as you think of a default pool on a virtual server.

 

The policy set in the LTM policy automatically created by ASM and attached to the virtual server is the one that will be used for all requests that you do NOT send to a different policy in your iRule. This is just like putting a default pool on a virtual server, but retaining the ability to choose a different pool based on URI or whatever in an iRule.

 

Note that if you are doing simple mapping of hostname/uri->ASM Policy you can add those conditions to LTM policies to use that mechanism instead of an iRule.

 

iRule is obviously more flexible so if you want to leverage iRules that works too, using ASM::policy and ASM::disable as needed based on URI or whatever.

 

Recent Discussions