03-Aug-2022 11:21
This is getting more complicated the more I research it. Here goes... When a request contains a specific URL, I'd like to modify my local traffic policy to redirect traffic to an ASM policy that is different (modified) than the one applied to the VIP in question. And have all other traffic route normally to the applied ASM policy.
Is this possible? It wasn't obvious at first but wouldn't the modified ASM policy (for the URL) need its own virtual server?
Thanks in advance,
Toneman
Solved! Go to Solution.
03-Aug-2022 12:37
issue is probably with the client connect, which is when TCP starts and this is later. i dont know by hard what the other options are, but can you try something more http related?
03-Aug-2022 11:41
you say redirect to an ASM policy, do you mean you want to apply different ASM policies for the same VIP based on URL?
that is possible. just start with a rule to hit on a certain URL and apply ASM policy X and a second rule with the default ASM policy.
or do you want to do an actual redirect to another virtual server?
03-Aug-2022 12:04
Correct, one VIP with two ASM policies, with a specific URL going to the second policy. I don't want to use another virtual server.
I just saw article K35432913 "How to select a different ASM policy based on the URI Path in a request" that seems to address this although I'm getting an error when trying to save the suggested config in the article. This error happens when I try to enable ASM for the secondary "redirect" policy. If I choose "log" I'm able to save the policy...
The error says I'm defining an action which occurs before one of its conditions, or before a condition in an earlier rule with a lower ID.
03-Aug-2022 12:09
can you share a screenshot of your local traffic policy? you might try to a redirect, which isn't needed, just enable ASM.
03-Aug-2022 12:14
03-Aug-2022 12:20
If I choose "Log" in the dropdown vs "Enable" or "Disable", it allows me to save it.
03-Aug-2022 12:37
issue is probably with the client connect, which is when TCP starts and this is later. i dont know by hard what the other options are, but can you try something more http related?
03-Aug-2022 14:02
Got it to work, thanks for your help!
ltm policy asm_auto_l7_policy__adm_vs {
controls { asm }
last-modified 2022-08-03:14:28:13
requires { http }
rules {
admin {
actions {
0 {
asm
enable
policy /Common/ASMGlobalPolicy_Test_File-Redirect
}
}
conditions {
0 {
http-uri
path
values { /user_login.php }
}
}
ordinal 1
}
default {
actions {
0 {
asm
enable
policy /Common/ASMGlobalPolicy_Test
}
}
}
}
status published
strategy best-match
}