Forum Discussion
hooleylist
Dec 02, 2010Cirrostratus
Hi Packeteer,
That all sound do-able. It's similar to a government implementation I worked on a while back. I would check with an F5 SE though to get detailed feedback. You'd be able to share more exact details on the scenario and get more exact recommendations.
If you have a lot of standalone ASM units I would try to minimize the number of policies you create. In current versions, you'll need to manually synchronize policy changes across the units. That's not so bad, but you will have to check each unit individually for policy building and/or learning suggestions. If you can get away with using jus tone ASM policy, I would actually recommend using a single HTTP class with no filters and no pool. You could then use an iRule to select the pool based on the URL.
If you rewrite the URI in an iRule in HTTP_REQUEST, this will be done before the HTTP class URI evaluation is done. But again, I wouldn't suggest using HTTP classes to filter the traffic as this would require multiple ASM policies.
Lastly, I'd try posting in the main iRule thread rather than this General Discussion forum. You'll get more eyes on your post that way.
http://devcentral.f5.com/Forums/tabid/53/afv/topicsview/aff/5/Default.aspx
Aaron