Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions

ASM Policy

Preet_pk
Altostratus
Altostratus

‎17-Mar-2022 04:58

Hi,

We have multiple web applications running on a single Virtual server with host/domain based pool routing.

For eg:

red.lab.ae

blue.labe.ae

irule:

when HTTP_REQUEST {
switch [string tolower [HTTP::host]] {
red.lab.ae {
pool Red_Pool1 }

green.lab.ae {
pool Green_Pool1 }

}
}

Just want to know if i need to apply ASM policy, do i need to apply seperate ASM policy one for "red.lab.ae" & "green.lab.ae" or a single ASM policy for both domain.

Will ASM policy works from top to bottom?

 

Labels:
0 Kudos
1 REPLY 1

CA_Valli
MVP
MVP

‎17-Mar-2022 10:30

Hello, you can use ASM::policy syntax to attach a different policy.

  • This requires that you have at least a minimal ASM Policy attached to the Virtual Server for the ASM commands to become available.
  • If you don't use ASM::enable or ASM::disable syntax, default policy applied to VS will be applied to traffic

 

when HTTP_REQUEST {
  switch [string tolower [HTTP::host]] {
    red.lab.ae {
      pool Red_Pool1
      ASM::enable <policy1> 
    }
    green.lab.ae { 
      pool Green_Pool1 
      ASM::enable <policy2>
    }

  }
}

 

 

Regarding your question about using different policies, it very much depends on the portals you're protecting.

I would recommend doing so if the application are very different, as a single "do it all" policy will loosen up the protection because you'll need to enable a lot of things required to make one portal work that might expose threats on the other one, and vice versa. 

 

0 Kudos
Copyright © 2023 Khoros, LLC