Forum Discussion

Sriram_Shanmuga's avatar
Sriram_Shanmuga
Icon for Altostratus rankAltostratus
Mar 14, 2019

How to configure ASM security policy using FQDN

Hi All, We have a requirement to configure a security policy in ASM using FQDN. The application is hosted in AWS, do i need a DNS server service to provide the lookup of the domain name ? Please help me to understand. Thanks

 

2 Replies

  • Hi

     

    Not quite sure what you are trying to achieve. - Is your AWAF in the cloud ? On prem ? - the application you are protecting is in the cloud it seems

     

    Do you want to block requests getting to ASM without hostname ? or with a hostname not matching you app ?

     

    If so I would :

     

    - Create a custom Violation, a datagroup of allowed FQDN and an iRule to raise the custom violation if a Host header value does not match on in the FQDN list in the datagroup.

     

    Let us know more in details what you want to achieve.

     

    Yoann

     

  • Hi

     

    Try to enable Monitor logging for all pool members and check the logs in /var/log/monitors when it starts failing. Another hint. AS it's cloud based services, check also with them if they enabled anti DOS features ? If so you may have to reduce the frequency/interval of the monitor checking

     

    Sincerely