Forum Discussion
Single virtual server with multiple apps and ASM policies
We have a virtual server that has multiple apps associated with it and the traffic is being directed to the correct pools through an iRule. I need to setup some individual ASM policies for each app and apply them to the individual app and not a single policy to cover all of them. I know that I can in the iRule add the line to use a different ASM policy but I have had issues with logging when I do this. I see in the Local Traffic Policy properties where I can assign an ASM policy, there seems to be a rule for matching traffic there but I am not sure if I can use this option instead to identify the traffic properly and assign the ASM policy this way. I have not had issues with logging from here.
Any suggestions / ideas on this?
- Randy_Toombs
Nimbostratus
Here is a screen shot of what I am refering to.
Hi Randy,
You can assign only one ASM policy to a virtual server, not multiple.
What you could build is a layered/targeting virtual server setup. Your first virtual server will target a second "backend" virtual server instead of a pool for a specific application.
Based on host header/tls server name (use a traffic policy for this) the first virtual server will forward traffic to one of the "backend virtual servers" (Use IP addresses that the users can't reach for these virtual servers).
You can assign a ASM policy to each "backend" virtual server with the application specific security. (and a pool, application specific irules, profiles ect)
See this lightboard lesson on VIP Targeting VIP lightboard lesson
And this article for a example of the SNI routing traffic policy.
Cheers,
Kees
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com