Forum Discussion
F5 LTM policy to match URI and send to appropriate ASM policy
Hello, I have a problem with the policy matching. I have created "joomla_policy" which includes two rules: 1st: joomla_admin_asm_policy with those conditions: http-uri all starts-with /administrator/ /adm/ /ladmin/ /crm/admin/ /new/administrator/ http-uri all equals /administrator/ /administrator/index.php /new/administrator/index.php http-uri all contains /author/administrator/ /administrator/ /adm/
and with an Action to send traffic to ASM policy: asm enable policy /Common/Joomla_Admin_Policy
2nd default: joomla_asm_policy: asm enable policy /Common/Generic_Joomla
But i yet see matches of /administrator/index.php in the default asm rule.
Why?
3 Replies
- rob_carr
Cirrocumulus
It's difficult to debug this without seeing the configuration of your two http classes and the virtual server. Still, here's where I would start looking:
1) Have you applied both http classes to the correct VS?
2) Have you applied the http classes in the order you would like them compared to traffic ( they're ACLs, it's first match, not best match)?
3) Is it possible you are having case matching issues? http://support.f5.com/kb/en-us/solutions/public/9000/000/sol9047.html?sr=32331853
4) Have you constructed your regex correctly? http://support.f5.com/kb/en-us/solutions/public/7000/200/sol7280.html
Hope this helps.
- Dmitry_Sherman
Nimbostratus
its 11.4 I forgot to mention, it has policies instead of classes. in 11.3 it works perfect with classes.
- Dmitry_Sherman
Nimbostratus
I found the problem, there is AND operand between conditions in the same rule.
Had to create separate conditions to achieve OR.
Thanks!
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com