Different policies same destination and pool

Hello, I started recently administrated a f5 big-ip waf. The previous administrator created a single virtual server for multiple websites (there are multiple SSL certificates on this virtual server...

security

Mohamed_Salah_
Jun 29, 2023
Hello,

Since the current setup now is using one virtual server IP for all services, and multiple ceritficates, you can create a LTM policy and start checking for the host header and based on this, apply the appropriate ASM polict based on this service.

For example:

Rule1:

if host header = www.abc.com when http request, Action: apply ASM policy 1.

Rule2:

if host header = www.aaa.com when http request, Action: apply ASM policy 2.

and so on, until you apply different ASM policies on all services. and then add a default rule at the end of the LTM policy, for exmaple (forward to pool x or disable ASM)

A fter finishing the policy, you must publish it and then assign the policy to the virtual server. everytime you caan to add/modify rule, you will need first to clone it and then modify the rules, and publish the policy again.

here is an example:

Thanks,

Forum Discussion

Different policies same destination and pool

Recent Discussions

Could not connect to SMTP host.

Telemetry streaming to Elasticsearch

Provisioning r2600 equipment

Block CBC

active/active Support Declarative Onboarding

Related Content

Auditing Security Policy Updates

Destination address at F5

icontrol - different exported policy via icontrol and GUI

Using BIG-IQ to Determine Differences Between Advanced WAF Policies

Access policy, LTM policy and iRules