For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Sammi's avatar
Sammi
Icon for Altocumulus rankAltocumulus
Mar 13, 2020
Solved

Select different security policy depending on host name

Is it possible to create and apply a Local Traffic Policy or iRule on a Virtual server that selects different security policies (ASM), depending on the host name of the http request ?

 

I know one can forward the traffic to other Virtual Servers with different policies applied, but I wonder if it is possible to accomplish the same on the one Virtual Server together with iRules or traffic policies.

 

Example, when traffic reaches a standard Virtual Server:

When target host name is hostname1.com, iRule or local traffic policies applies ASM Security Policy "hostname1_SP" on the Virtual Server

When target host name is hostname2.com, iRule or local traffic policies applies ASM Security Policy "hostname2_SP" on the Virtual Server

application delivery
ASM Advanced WAF
BIG-IP
iRules
local traffic policy
  • Erik_Novak's avatar
    Erik_Novak
    Mar 13, 2020

    Create a Local Traffic Policy with a custom rule that filters on host name and then sends requests to a specific asm policy based on that criterion. Here's the GUI in 14.1:

3 Replies

  • KeesvandenBos's avatar
    KeesvandenBos
    Icon for MVP rankMVP
    Mar 13, 2020

    Hi Sammi,

     

    Yes it is possible to attached more then one ASM policy to a virtual server (it was not in the past). Apply a traffic policy to the vs and based on hostname or uri select an ASM policy. (as in your example) (tested on 13.1.3.2)

     

    Cheers,

     

    Kees

  • Erik_Novak's avatar
    Erik_Novak
    Icon for Employee rankEmployee
    Mar 13, 2020

    Create a Local Traffic Policy with a custom rule that filters on host name and then sends requests to a specific asm policy based on that criterion. Here's the GUI in 14.1: