cancel
Showing results for 
Search instead for 
Did you mean: 

ASM Local Traffic Policy to redirect on specific URL

toneman
Altostratus
Altostratus

This is getting more complicated the more I research it.  Here goes...  When a request contains a specific URL, I'd like to modify my local traffic policy to redirect traffic to an ASM policy that is different (modified) than the one applied to the VIP in question.  And have all other traffic route normally to the applied ASM policy. 

Is this possible?  It wasn't obvious at first but wouldn't the modified ASM policy (for the URL) need its own virtual server?

Thanks in advance,

Toneman

1 ACCEPTED SOLUTION

issue is probably with the client connect, which is when TCP starts and this is later. i dont know by hard what the other options are, but can you try something more http related?

View solution in original post

7 REPLIES 7

boneyard
MVP
MVP

you say redirect to an ASM policy, do you mean you want to apply different ASM policies for the same VIP based on URL?

that is possible. just start with a rule to hit on a certain URL and apply ASM policy X and a second rule with the default ASM policy.

or do you want to do an actual redirect to another virtual server?

Correct, one VIP with two ASM policies, with a specific URL going to the second policy.  I don't want to use another virtual server.

I just saw article K35432913 "How to select a different ASM policy based on the URI Path in a request" that seems to address this although I'm getting an error when trying to save the suggested config in the article.  This error happens when I try to enable ASM for the secondary "redirect" policy.  If I choose "log" I'm able to save the policy...

The error says I'm defining an action which occurs before one of its conditions, or before a condition in an earlier rule with a lower ID.

 
 
I'm configuring this on a lab VE using v16
 
 

can you share a screenshot of your local traffic policy? you might try to a redirect, which isn't needed, just enable ASM.

toneman_0-1659554089296.png

 

If I choose "Log" in the dropdown vs "Enable" or "Disable", it allows me to save it.

 

issue is probably with the client connect, which is when TCP starts and this is later. i dont know by hard what the other options are, but can you try something more http related?

Got it to work, thanks for your help!

ltm policy asm_auto_l7_policy__adm_vs {
controls { asm }
last-modified 2022-08-03:14:28:13
requires { http }
rules {
admin {
actions {
0 {
asm
enable
policy /Common/ASMGlobalPolicy_Test_File-Redirect
}
}
conditions {
0 {
http-uri
path
values { /user_login.php }
}
}
ordinal 1
}
default {
actions {
0 {
asm
enable
policy /Common/ASMGlobalPolicy_Test
}
}
}
}
status published
strategy best-match
}