ASM on HTTP and HTTPs VS
Hi all,
I'm pretty new with the ASM module on F5 and I was wondering how you are used to implement this module on your http(s) virtual servers. Actually, I have 1 website and 2 virtual servers : one VS listening on HTTP and one on HTTPS (with SSL terminaison on the F5 - the trafic between the F5 and the HTTP servers are not encrypted). The 2 VS are load balancing on to the same servers, the HTTPs is mostly used when logging on to the website and when you are logged in.
Since the ASM is "binded" to a virtual server...logically I should have two security policies but I don't think this is optimised ?
I was wondering if a better solution would be to have an irule HTTP to HTTPs redirect, so all the trafic is forced on the HTTPs µ VS and have only one security policy to manage on the HTTPs virtual server ?
How do you usually implement the ASM when you have HTTP and HTTPs VS ?
Thanks for your help