How to configure ASM security policy using FQDN

Question

Hi All,
We have a requirement to configure a security policy in ASM using FQDN. The application is hosted in AWS, do i need a DNS server service to provide the lookup of the domain name ?
Please help me to understand.
Thanks&nbsp;

yoann_le_corvi1 · Answer

Hi&nbsp;
Not quite sure what you are trying to achieve. 
- Is your AWAF in the cloud ? On prem ?
- the application you are protecting is in the cloud it seems&nbsp;
Do you want to block requests getting to ASM without hostname ? or with a hostname not matching you app ?&nbsp;
If so I would :&nbsp;
- Create a custom Violation, a datagroup of allowed FQDN and an iRule to raise the custom violation if a Host header value does not match on in the FQDN list in the datagroup.  
&nbsp;
Let us know more in details what you want to achieve.  
&nbsp;
Yoann&nbsp;

yoann_le_corvi1 · Answer

Hi&nbsp;
Try to enable Monitor logging for all pool members and check the logs in /var/log/monitors when it starts failing.
Another hint. AS it's cloud based services, check also with them if they enabled anti DOS features ? If so you may have to reduce the frequency/interval of the monitor checking&nbsp;
Sincerely&nbsp;

Forum Discussion

How to configure ASM security policy using FQDN

Recent Discussions

Flip-flop load balancing

ASM Export JSON - size Limit ?

Can i apply ddos profile on virtual server using port range

I used the wrong email account when take Application Delivery Exam (101)

F5 iControl REST API - viewBy Parameter Issue in Analytics Report

Related Content

Minimizing Security Complexity: Managing Distributed WAF Policies

Auditing Security Policy Updates

Fileless Malware, Anti-Cheat Transparency, & NGINX OSS Security Policy

Adaptive Apps: Replicate & deploy WAF application security policies across F5's security portfolio

iRule to modify a content-security-policy header

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS