Multiple ASM policy applied on Virtual Server

Preet_pk · ‎17-Jan-2022

Hi,

We have a F5 design were single Virtual Server (VIP) is pointing to multiple application on back-end via iRule & iRule load balancing is based on HTTP::host (Layer 7)

for eg:

when HTTP_REQUEST {

switch [string tolower [HTTP::host]] {

a.test.ae {

pool a_test_Pool1}

b.test.ae {

pool b_test_Pool1 }

}

We have a requirement to apply ASM policy on specific application (for eg: application "a") - while enforcing ASM policy specific to application "a" & applied on Virtual Server, will application "b" break? if so, please let me know what will be the best approach in this scenario.

Jim_Schwartzme1 · ‎19-Jan-2022

You can apply the ASM policy in your irule when you select the pool. You'll want to enable the policy for the pools that need it and disable it on the pools that dont.

https://devcentral.f5.com/s/question/0D51T00006i7jvy/apply-asm-policy-through-irule

Your code should look something like this:

when HTTP_REQUEST {

switch [string tolower [HTTP::host]] {

a.test.ae {

pool a_test_Pool1

ASM::enable "/Common/<asm Policy name>"}

b.test.ae {

pool b_test_Pool1

ASM::disable}

}

Sebastiansierra · ‎18-Feb-2022

Hi,

The best solution that you can apply to avoid future errors with the irule is using LTM Policy, You can execute multiple actions as:

* Read the host and send to a specific pool

*Apply an ASM polity to that pool

*Many more.

Follow this article to configure Ltm Policy:

https://techdocs.f5.com/en-us/bigip-14-1-0/big-ip-asm-implementations-14-1-0/configuring-asm-with-lo...

DevCentral

Multiple ASM policy applied on Virtual Server

Khoros Kudos Award 2022