27-Dec-2022 05:00 - edited 04-Jan-2023 07:12
By default, F5 Distributed Cloud Platform supports WAF and routing at the domain level, i.e., the origin pool associated with the load balancer. F5 Distributed Cloud WAF also makes it possible to create multiple routes with specific paths and attach WAF rules to each path individually. This article demonstrates that use case.
In general, when a load balancer is of host type HTTP/HTTPS, a request can be further matched on parameters such as URLs, headers, query parameters, HTTP methods, etc. Once the request is matched, it can be sent to a specific endpoint based on the routing configuration and policy rules.
The route object is used to configure L7 routing decisions and is made of 3 things.
Parameters offered per route configuration:
In this demo we will see how an HTTP request is forwarded from F5 Distributed Cloud Services to origin server endpoints depending on the route configuration and the associated WAF rules.
we are using
The video below demonstrates how to configure and validate an F5 Distributed Cloud per-route WAF policy.
Step 1: Origin Pool Creation
Step 2: Load Balancer with Route config and WAF Rules
Step 3: Validating per-route WAF functionality
- Output of /trading/.* route path:
- Output of /.* route path:
Step 4: Logs Verification
As you can see from the demonstration, F5 Distributed Cloud WAF allowed and blocked requests based on the route configuration and the associated WAF policies applied on the load balancer.
For further information click the links below:
Thanks for sharing this knowledge with us. Very useful article.
May I ask a question? For the Route config you are using regex. If I would want to use Prefix instead and use "/" and "/trading" - would this work too?
What is the matching criteria? First match? Longest match?
Is there a best practice or recommendation when to use regex and when to use Prefix?
Thanks & best
Glad to know that the article is helpful to you.
The answer to your question is:
You can use prefix, path, regex, anything, and based on the type you can mention the match condition, for example:
for prefix (/trading),
for regex (\/trading\/.*),
for path (<specific valid path, i.e.> /index.html)
The above three scenarios will work successfully. Precedence will be given to the route slot number (i.e., first come, first served).
There is no particular recommendation for using a type, but based on our requirement we can use the Route Types.
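The first-match precedence described in the reply above, as an added example that is not from the article or from F5: a small Python model of ordered route evaluation using the article's two route paths, plus a check for routes that an earlier slot shadows. The WAF policy names, the probe paths and the matching semantics (prefix as a string prefix, regex matched against the whole path) are assumptions of this model, not documented platform behavior.

```python
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class Route:
    kind: str     # "prefix", "path" or "regex"
    pattern: str
    waf: str      # hypothetical name of the WAF policy attached to this route

    def matches(self, path: str) -> bool:
        if self.kind == "prefix":
            return path.startswith(self.pattern)
        if self.kind == "path":
            return path == self.pattern
        if self.kind == "regex":
            # Assumption of this model: the regex must match the whole path.
            return re.fullmatch(self.pattern, path) is not None
        raise ValueError(f"unknown match type: {self.kind}")

def select(routes, path):
    """Return (slot, route) for the first route that matches, else None."""
    for slot, route in enumerate(routes, start=1):
        if route.matches(path):
            return slot, route
    return None

def shadowed(routes, probes):
    """Slots that match at least one probe path but never win any of them."""
    hit, won = set(), set()
    for path in probes:
        hit.update(s for s, r in enumerate(routes, start=1) if r.matches(path))
        chosen = select(routes, path)
        if chosen:
            won.add(chosen[0])
    return sorted(hit - won)

# Constructed sample data: the article's two route paths, in both slot orders.
GOOD = [Route("regex", r"/trading/.*", "waf-trading"),
        Route("regex", r"/.*", "waf-default")]
BAD = list(reversed(GOOD))  # catch-all placed in slot 1
PROBES = ["/trading/login.php", "/index.html", "/trading"]

if __name__ == "__main__":
    for name, routes in (("specific first", GOOD), ("catch-all first", BAD)):
        print(name)
        for p in PROBES:
            slot, r = select(routes, p)
            print(f"  {p:<20} -> slot {slot} {r.pattern!r} waf={r.waf}")
        print("  shadowed slots:", shadowed(routes, PROBES))
```

With the catch-all in slot 1, the `/trading/.*` route is never selected, so its WAF policy is never applied; in this model the bare path `/trading` also falls through to the catch-all because the regex requires the trailing slash.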