Forum Discussion

Subrun's avatar
Subrun
Icon for Cirrostratus rankCirrostratus
Dec 22, 2021

URI Based Filtering using ASM Module ?

Hello,

 

I am doing replace based LTM Policy as below , below 3 line is path for 3 different company and want to control each company can access to their respective URL not the other ones. Like if Company1 need to access 1st URL they will access it but want to restrict remaining 2 URI for Company 1.

 

I have ASM Module Provisioned , can I use ASM Policy to achieve this ? All these Companies will have different IPs as SOURCE.

 

if traffic comes to https://test.test.com:443/Test/Company1/ replace to /Path/Company1/ path of Pool1

 

if traffic comes to https://test.test.com:443/Test/Company2/ replace to /Path/Company2/ path of Pool1

 

if traffic comes to https://test.test.com:443/Test/Company2/ replace to /Path/Company2/ path of Pool1

2 Replies

  • This is a typical use case for local traffic policy. I wonder why you want to replace that?

  • you can use the source IPs to differentiate what paths are accessible and can incorporate that directly into your policy, either by address list in the policies or via datagroups. Here's the address list version:

    ltm policy access_by_src_ip {
        controls { forwarding }
        last-modified 2021-12-22:15:50:07
        requires { http tcp }
        rules {
            app1 {
                actions {
                    0 {
                        forward
                        select
                        pool pool1
                    }
                }
                conditions {
                    0 {
                        tcp
                        client-accepted
                        address
                        matches
                        values { 1.1.1.1 }
                    }
                }
            }
            app2 {
                actions {
                    0 {
                        forward
                        select
                        pool pool2
                    }
                }
                conditions {
                    0 {
                        tcp
                        client-accepted
                        address
                        matches
                        values { 2.2.2.2 }
                    }
                }
                ordinal 1
            }
            app3 {
                actions {
                    0 {
                        forward
                        select
                        pool pool3
                    }
                }
                conditions {
                    0 {
                        tcp
                        client-accepted
                        address
                        matches
                        values { 3.3.3.3 }
                    }
                }
                ordinal 2
            }
        }
        status published
        strategy first-match
    }