
ASM Local Traffic Policy to redirect on specific URL

toneman
Altostratus

This is getting more complicated the more I research it.  Here goes...  When a request contains a specific URL, I'd like to modify my local traffic policy to redirect traffic to an ASM policy that is different (modified) than the one applied to the VIP in question.  And have all other traffic route normally to the applied ASM policy. 

Is this possible?  It wasn't obvious at first but wouldn't the modified ASM policy (for the URL) need its own virtual server?

Thanks in advance,

Toneman

1 ACCEPTED SOLUTION

issue is probably with the client connect, which is when TCP starts and this is later. i don't know by heart what the other options are, but can you try something more http related?


boneyard
MVP

you say redirect to an ASM policy, do you mean you want to apply different ASM policies for the same VIP based on URL?

that is possible. just start with a rule to hit on a certain URL and apply ASM policy X and a second rule with the default ASM policy.

or do you want to do an actual redirect to another virtual server?

Correct, one VIP with two ASM policies, with a specific URL going to the second policy.  I don't want to use another virtual server.

I just saw article K35432913 "How to select a different ASM policy based on the URI Path in a request" that seems to address this although I'm getting an error when trying to save the suggested config in the article.  This error happens when I try to enable ASM for the secondary "redirect" policy.  If I choose "log" I'm able to save the policy...

The error says I'm defining an action which occurs before one of its conditions, or before a condition in an earlier rule with a lower ID.

 
 
I'm configuring this on a lab VE using v16
 
 

can you share a screenshot of your local traffic policy? you might try to a redirect, which isn't needed, just enable ASM.

toneman_0-1659554089296.png

 

If I choose "Log" in the dropdown vs "Enable" or "Disable", it allows me to save it.

 

issue is probably with the client connect, which is when TCP starts and this is later. i don't know by heart what the other options are, but can you try something more http related?

Got it to work, thanks for your help!

ltm policy asm_auto_l7_policy__adm_vs {
    controls { asm }
    last-modified 2022-08-03:14:28:13
    requires { http }
    rules {
        admin {
            actions {
                0 {
                    asm
                    enable
                    policy /Common/ASMGlobalPolicy_Test_File-Redirect
                }
            }
            conditions {
                0 {
                    http-uri
                    path
                    values { /user_login.php }
                }
            }
            ordinal 1
        }
        default {
            actions {
                0 {
                    asm
                    enable
                    policy /Common/ASMGlobalPolicy_Test
                }
            }
        }
    }
    status published
    strategy best-match
}
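
An offline check of the policy posted above, as an added example that is not part of the original thread or of F5's tooling: it parses the tmsh stanza and confirms that every rule enables an ASM policy, that a condition-less rule catches all other requests, and that no ASM action is bound to connection time in a rule with HTTP conditions. The helper names `parse`, `subs` and `audit` are hypothetical, and the example assumes the "client connect" timing discussed in the thread appears in tmsh as the `client-accepted` keyword.

```python
import re
# Policy as posted in the thread (last-modified/status omitted; tmsh whitespace is insignificant).
POSTED = """ltm policy asm_auto_l7_policy__adm_vs { controls { asm } requires { http }
  rules {
    admin { actions { 0 { asm enable policy /Common/ASMGlobalPolicy_Test_File-Redirect } }
            conditions { 0 { http-uri path values { /user_login.php } } } ordinal 1 }
    default { actions { 0 { asm enable policy /Common/ASMGlobalPolicy_Test } } } }
  strategy best-match }"""

def parse(text):
    """Turn tmsh brace syntax into nested dicts; bare words of a block are kept under '_w'."""
    toks, pos = re.findall(r"[{}]|[^\s{}]+", text), 0
    def block():
        nonlocal pos
        node = {"_w": []}
        while pos < len(toks):
            tok = toks[pos]
            pos += 1
            if tok == "}":
                break
            if tok == "{":
                node[node["_w"].pop()] = block()  # the word before '{' names the block
            else:
                node["_w"].append(tok)
        return node
    return block()

def subs(node):
    """Named child blocks of a node, without its bare words."""
    return {k: v for k, v in node.items() if k != "_w"}

def audit(text):
    """Return (routes, findings): the ASM policy each rule selects, and WAF coverage gaps."""
    policy = next(iter(subs(parse(text)).values()))
    routes, findings = {}, []
    for name, rule in subs(policy["rules"]).items():
        conds = list(subs(rule.get("conditions", {})).values())
        acts = [a["_w"] for a in subs(rule.get("actions", {})).values() if a["_w"][:1] == ["asm"]]
        target = next((a[a.index("policy") + 1] for a in acts if "enable" in a and "policy" in a), None)
        if target is None:
            findings.append(f"{name}: no 'asm enable policy' action, matching traffic skips the WAF")
        if conds and any("client-accepted" in a for a in acts):  # assumed event keyword
            findings.append(f"{name}: ASM action at client-accepted runs before its HTTP condition")
        paths = [p for c in conds if c["_w"][:2] == ["http-uri", "path"] for p in c.get("values", {"_w": []})["_w"]]
        routes[tuple(paths) if conds else "*"] = target
    if "*" not in routes:
        findings.append("no condition-less rule: unmatched requests get no ASM policy")
    return routes, findings
```

Running `audit` on the output of `tmsh list ltm policy <name>` before publishing a draft shows which ASM policy each path lands on and whether any request can reach the virtual server without one.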