How does the BIG-IP process multiple LTM policies on a virtual server?

Just a public service announcement in case other people land at this page:

One thing to be aware of with multiple LTM policies is that you cannot attach multiple policies to a VS if those policies have 'conflicting controls' - this means that the policies use the same controls. 

I was setting up a tier 1 VS (in the "VIP targeting VIP style", see this Subreddit post for more info) where the HTTP Host field would be used to forward traffic to a different VS.  For various reasons our organisation wanted to use one LTM policy on the tier 1 VS per 'child' virtual server, rather than one policy with multiple rules (i.e. one rule per child VS).  So I did the following on a dev box:

1. Create a VS "T1" acting as the tier 1.  Create two dummy VSes "A" and "B".
2. Create two datagroups "A" and "B".  "A" contains "test.com", "B" contains "google.com"
3. Create & publish LTM policy "A" with rule to match the HTTP Host header against datagroup A, action: forward to virtual server "A".
4. Create & publish LTM policy "B" with rule to match the HTTP Host header against datagroup B, action: forward to virtual server "B".
5. Attach LTM policy A to VS "T1"
6. Attach LTM policy B to VS "T1"

When you attempt step 6, this will fail with the following error:

"010716fd:3: Virtual Server /build_test/T1' cannot contain policies with conflicting controls."

This is documented by F5 here: https://my.f5.com/manage/s/article/K55864758

Because we have our reasons for not wanting to use the rule-per-VS approach we will fall back to using an iRule which targets a datagroup.