Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions
Custom Alert Banner

F5 AppWorld 2024 session proposal deadline extended to Friday, December 8th!

URI Based Filtering using ASM Module ?

Subrun
Cirrostratus
Cirrostratus

‎22-Dec-2021 08:35

Hello,

 

I am doing replace based LTM Policy as below , below 3 line is path for 3 different company and want to control each company can access to their respective URL not the other ones. Like if Company1 need to access 1st URL they will access it but want to restrict remaining 2 URI for Company 1.

 

I have ASM Module Provisioned , can I use ASM Policy to achieve this ? All these Companies will have different IPs as SOURCE.

 

if traffic comes to https://test.test.com:443/Test/Company1/ replace to /Path/Company1/ path of Pool1

 

if traffic comes to https://test.test.com:443/Test/Company2/ replace to /Path/Company2/ path of Pool1

 

if traffic comes to https://test.test.com:443/Test/Company2/ replace to /Path/Company2/ path of Pool1

Labels:
0 Kudos
2 REPLIES 2

Amine_Kadimi
MVP
MVP

‎22-Dec-2021 13:40

This is a typical use case for local traffic policy. I wonder why you want to replace that?

0 Kudos

JRahm
Community Manager
Community Manager

‎22-Dec-2021 13:54 - last edited on ‎04-Jun-2023 19:14 by Fog

you can use the source IPs to differentiate what paths are accessible and can incorporate that directly into your policy, either by address list in the policies or via datagroups. Here's the address list version:

ltm policy access_by_src_ip {
    controls { forwarding }
    last-modified 2021-12-22:15:50:07
    requires { http tcp }
    rules {
        app1 {
            actions {
                0 {
                    forward
                    select
                    pool pool1
                }
            }
            conditions {
                0 {
                    tcp
                    client-accepted
                    address
                    matches
                    values { 1.1.1.1 }
                }
            }
        }
        app2 {
            actions {
                0 {
                    forward
                    select
                    pool pool2
                }
            }
            conditions {
                0 {
                    tcp
                    client-accepted
                    address
                    matches
                    values { 2.2.2.2 }
                }
            }
            ordinal 1
        }
        app3 {
            actions {
                0 {
                    forward
                    select
                    pool pool3
                }
            }
            conditions {
                0 {
                    tcp
                    client-accepted
                    address
                    matches
                    values { 3.3.3.3 }
                }
            }
            ordinal 2
        }
    }
    status published
    strategy first-match
}
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
https://twitter.com/jasonrahm
https://www.youtube.com/devcentral
0 Kudos
Copyright © 2023 Khoros, LLC