Forum Discussion
Logical operands within Local Traffic Policy
Hi all.
I have a question regarding Local Traffic Policy matching. From F5 Manual I understand, that either logical AND or logical OR can be applied when combining rules or conditions within rules. I do need some further elaboration here.
Can someone please post an example of such syntax (where to put OR / AND operand). Or is there a default between values/conditions/rules?
- For instance, I want to create a LTP rule, that would hit ASM policy 1 in case "http-host" header matches "site1.com" OR "site2.com".
- In second example, I want to create a LTP rule, that would hit ASM policy 2 in case "http-host" header matches "site3.com" AND "user-agent" equals "firefox".
Thank you!!
11 Replies
- svs
Cirrostratus
Hi,
when you add several conditions, they are combined using a logical AND. When you add several values within one condition, they are combined using a logical OR.
Example:
1. Rule: Add two values within the condition of http-host equals "site1.com" OR "site2.com".
2. Rule: Add two conditions. The first checks that the http-host equals "site3.com" and the second condition checks that the user-agent contains "firefox".
Is this clear?
Regards, svs
- mm_pen_242283
Nimbostratus
SVS, thank you for your quick reply.
Just to clarify. For the 1st scenario, literally site1.com OR site2.com should be put in the ASM >> Rule Properties >> Conditions >> Values field? Attached is an example (the thing is, ASM allows one to put arbitrary match keywords inside "Value" field).
- svs
Cirrostratus
No, absolutely not. You put in two values, each after the other.
- enter "site1.com" and click "Add".
- enter "site2.com" and click "Add".
- Click "Add" below, to add the condition.
Unfortunately I don't have a v11 or v12.0 running at the moment. Otherwise I would take a screenshot of the configuration. In v12.1 this looks completely different.
- mm_pen_242283
Nimbostratus
I am running 11.6 and honestly I am a bit confused with the GUI when using Local Traffic Policies. So how do you know that in the above example, logical "OR" (|) would be used, as opposed to logical "AND" (&)?
What would be an alternative for scenario 2 (where logical AND was needed; http-host=="site3.com" AND user-agent=="firefox")?
- Stephan_Mierau
Employee
keep it simple, create a policy and then four rules:
1. rule1 with host header www.abc.com pointing to asm policy1
2. rule2 with host header www.xyz.com pointing to asm policy1
3. rule3 with host header www.site3.com and a second condition the user-agent firefox pointing to asm policy2
4. a default rule if none of the above is matched
- brunocalcado
Nimbostratus
Hello everybody,
About this subject, I have a question. Actually, I must deploy the rules below :
1 - if * ---> action : use Pool-1
2 - if * ---> action : use Pool-2
My difficulty here is how to differentiate the path fd/* and /* ? Because if I don't put the correct condition, I think that the "fd/" would be interpreted as part of the stat '' of the path 1, "/*".
So, I have some examples. Conditions that selects the Pool-1 :
-----> We have here "fd/", but it doesn't start the path after the url-host, so, it enters in the case of Pool-1.
Conditions that selects the Pool-2 :
Could you please help me with this ? Is the strategy important here ? The rule that treats the "fd" case must come before the general rule "/" ?
Thanks a lot. Best regards.
- svs
Cirrostratus
Basically it's up to your policy strategy, how the policy matches the rules. If your strategy is "first-match", you only need to make sure, that the order of the rules is correct and reflects your needs. So with first-match your rules should look like this:
Rule 1
Condition 1: Host Header matches
Condition 2: URI starts_with /fd/
Action: Pool2
Rule 2
Condition 1: Host Header matches
Condition 2: URI starts_with /
Action: Pool1
In this case the rules will be evaluated in order and the first rule, where the condition matches the current connection, will be processed.
Maybe it would be simpler to understand Rule 2 as the default rule and not use any conditions. Every policy I create has a default rule at the bottom, without using any conditions and only executing an action.
Hope that helps and makes things more clear.
Greets,
svs
- brunocalcado
Nimbostratus
Thanks a lot Sven. I will test on Monday. Your solution with the default rule can help me a lot.
Have a nice weekend. BC
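The matching logic described in svs's answers above (values inside one condition are ORed, conditions inside one rule are ANDed, and under first-match the rules are checked in order), modelled as an added Python example that is not part of the original posts and is not F5 code. The data layout, the host app.example.com, the action names and the sample requests are assumptions constructed for illustration.

```python
# Simplified model of Local Traffic Policy matching as described in the thread.
# Not F5 code: data layout, names and sample requests are constructed.
OPS = {
    "equals": lambda actual, value: actual == value,
    "contains": lambda actual, value: value in actual,
    "starts_with": lambda actual, value: actual.startswith(value),
}

def condition_matches(condition, request):
    """Several values inside ONE condition are combined with OR."""
    operand, op, values = condition
    actual = request.get(operand, "")
    return any(OPS[op](actual, value) for value in values)

def rule_matches(rule, request):
    """Several conditions inside ONE rule are combined with AND.
    A rule with no conditions (the default rule) always matches."""
    return all(condition_matches(c, request) for c in rule["conditions"])

def first_match(rules, request):
    """first-match strategy: rules are checked in order, first hit wins."""
    for rule in rules:
        if rule_matches(rule, request):
            return rule["action"]
    return None

ASM_RULES = [
    {"conditions": [("http-host", "equals", ["site1.com", "site2.com"])],
     "action": "asm_policy1"},
    {"conditions": [("http-host", "equals", ["site3.com"]),
                    ("user-agent", "contains", ["firefox"])],
     "action": "asm_policy2"},
    {"conditions": [], "action": "default"},
]

# app.example.com is a placeholder host; the thread does not give one.
FD_RULE = {"conditions": [("http-host", "equals", ["app.example.com"]),
                          ("uri", "starts_with", ["/fd/"])],
           "action": "Pool-2"}
ANY_RULE = {"conditions": [("http-host", "equals", ["app.example.com"]),
                           ("uri", "starts_with", ["/"])],
            "action": "Pool-1"}
POOL_RULES = [FD_RULE, ANY_RULE]       # specific rule first: correct
MISORDERED = [ANY_RULE, FD_RULE]       # general rule first shadows /fd/

if __name__ == "__main__":
    for uri in ("/fd/report", "/app/fd/report"):   # constructed requests
        req = {"http-host": "app.example.com", "uri": uri}
        print(uri, first_match(POOL_RULES, req), first_match(MISORDERED, req))
```

With the general rule placed first, a request for /fd/report is sent to Pool-1 and the /fd/ rule is never reached; the same shadowing would attach the wrong ASM policy if rules that select security policies were ordered that way.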