How to configure ASM security policy using FQDN

Question

Hi All,
We have a requirement to configure a security policy in ASM using FQDN. The application is hosted in AWS, do i need a DNS server service to provide the lookup of the domain name ?
Please help me to understand.
Thanks&nbsp;

yoann_le_corvi1 · Answer

Hi&nbsp;
Not quite sure what you are trying to achieve. 
- Is your AWAF in the cloud ? On prem ?
- the application you are protecting is in the cloud it seems&nbsp;
Do you want to block requests getting to ASM without hostname ? or with a hostname not matching you app ?&nbsp;
If so I would :&nbsp;
- Create a custom Violation, a datagroup of allowed FQDN and an iRule to raise the custom violation if a Host header value does not match on in the FQDN list in the datagroup.  
&nbsp;
Let us know more in details what you want to achieve.  
&nbsp;
Yoann&nbsp;

yoann_le_corvi1 · Answer

Hi&nbsp;
Try to enable Monitor logging for all pool members and check the logs in /var/log/monitors when it starts failing.
Another hint. AS it's cloud based services, check also with them if they enabled anti DOS features ? If so you may have to reduce the frequency/interval of the monitor checking&nbsp;
Sincerely&nbsp;

Forum Discussion

How to configure ASM security policy using FQDN

2 Replies

F5 Academy at AppWorld 2026

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

Connection Rest f5

Kubernetes cert-manager + LetsEncrypt + F5

The GSLB pool is providing an incorrect IP to end users

Unable to ping from some self ip on Velos

Not seeing the latest F5OS-A when running Journeys

Related Content

Quarterly Security Notification October 2025

Minimizing Security Complexity: Managing Distributed WAF Policies

Auditing Security Policy Updates

Configuring Endpoint Security (Client-Side) Using F5 Access Policy Manager (APM)

iRule to modify a content-security-policy header

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS