Multiple URL's to a single VS with ASM

Question

So currently, I'm using iRules to send traffic to different pools, thus allowing us to use a single IP a little more efficiently. I would like to also be able to have these applications protected by ASM so I'm seeking a little guidance as to how to do this with the current iRule, or possibly using a policy if it's faster? Thanks in advance. 
when HTTP_REQUEST {
    switch [string tolower [HTTP::host]] {
        "abc.com" { pool abc.com }
        "def.abc.com" { pool def.abc.com }
        "ghi.abc.com" { pool ghi.abc.com }
    }
}

ryan77777 · Answer

I do something similar (distribution via iRule), but assign the security policy to the VIP itself. However, our back-end pools all have the same security considerations so that works for us. If your differing pools have differing security considerations, then you would want to assign ASM profiles based upon those determinations (for example: Windows servers vs Linux servers would be a security profile consideration, or IIS vs Apache, etc).&nbsp;
This might help in that regard:
https://devcentral.f5.com/questions/is-there-a-way-to-apply-a-different-asm-policy-with-irules-60073&nbsp;

Forum Discussion

Multiple URL's to a single VS with ASM

1 Reply

Recent Discussions

F5 Rseries HA

Error when running bigip_command Playbook against LTM : Syntax Error: unexpected argument /bin/sh\n

Can iRule be used to perform exception of IPI category based on Geolocation

Can iRule mask the payload content on event logs of security

minimum tmos software version for connect CIS (openshift)

Related Content

single slot multiple core vs multiple slot single core

Multiple SNAT pools under a single VIP

Multiple URIs redirect to single URL

iRule Recipe 1: Single URL Explicit Redirect

BigIP VE - Multiple VLANs on single partition with single interface