First method: Start with the policy and list the virtual names under one of its properties. This allows more than one virtual name to be listed and therefore applies the policy to all of them. This method is intuitive and easy to follow. You have to first locate the policy hash ID and then reference it by this ID as you post the names of the virtuals.
Second Method (Alternate): Start with the virtual and assign to iy a "websecurity" profile and an LTM Layer 7 policy (pointing to the ASM policy). This method is less intuitive but safer to use in some cases. Use this method to add a policy to a virtual server without affecting any other virtual that may be using the same policy.
If not careful, a problem with this procedure appears when more than one virtual uses the same policy. You must post the list of virtual names in the body of the PATCH request. If any of the virtuals already listed under the policy is not resubmitted, the policy would be be dropped from to the virtual.
This alternate method applies the policy to one vritual server at a time.
Step 1: Create the policy in LTM L7 policy (in draft mode) which activates the ASM policy for all traffic.