Forum Discussion
ushan
Altocumulus
AltocumulusMultiple application in single server
I have a server which hosts multiple applications, like; example1.max.com, example2.max.com, example3.max.com and so on. I have only one server so I could make only one Node in F5 and all the appli...
Hi,
So what i'd do, is a setup called VIP targeting VIP. Basically its like layer 7 nat! (google f5 vip targeting vip for a youtube video)
So one Virtual server on the front with a IP/VIP. Where traffic that is on the network,
(It doesn't need a pool)
Then setup as many virtual servers as you want for each server so something like
example1-VS
example3-VS
example3-VS
all configured normally with pools and every as per normal. Making sure you set a HTTP profile so the f5 understands the HTTP header!
Then you setup a policy that has some like
If HTTP Host contains example1.max.com forward traffic to example1-VS
then
If HTTP Host contains example2.max.com forward traffic to example2-VS
etc etc
So when traffic hits the external VS, it can read the header and then forward it the the correct virtual server,
Now where this is important is you can now assign a different ASM policy to each exampleXXX-VS you create without any issues.
You can also attach DOS and other services purely on the external IP, and keep the layer3-4 and layer7 controls independant.
If you need screenshots let me know.
Fletch
Kevin_Stewart
Employee
EmployeeVIP targeting is definitely a useful approach.
You could also simply attach an LTM policy to the application VIP to dynamically assign the WAF policy based on HTTP Host.
- CPM policy
- Rule 1: HTTP Host is www.example1.max on request -> enable asm (waf_policy_a)
- Rule 2: HTTP Host is www.example2.max on request -> enable asm (waf_policy_b)
- Rule 3: HTTP Host is www.example3.max on request -> enable asm (waf_policy_c)
- Rule 4: disable asm on request