3.3. WAF/ASM Policy Deployment¶
In this lab we will deploy a Web Application Firewall policies that can be used by Application Security Manager. Be sure to review the following documentation before continuing:
3.3.1. WAF Policy Deployment via Bundled Resource
Create a new deployment with the following values:
Field Name Value Name Lab3.3 Template appsvcs_integration_v2.0.003_custom Virtual Server: Address 10.1.20.33 `Virtual Server: Port <AppSvcsiAp p_presoref.html# preso-pool-port> `__ 80 Pool: Pool Table - Row 1:
- Index: 0
- Monitor(s): 0
Pool: Members - Row 1:
- Pool Idx: 0
- IP/Node Name: 10.1.10.100
- Port: 80
- Row 2:
- Pool Idx: 0
- IP/Node Name: 10.1.10.101
- Port: 80
Monitor: Monitor Table - Row 1:
- Index: 0
- Name: /Common/http
Virtual Server: Client-side L4 Protocol Profile /Common/tcp-wan-optimized Virtual Server: Server-side L4 Protocol Profile /Common/tcp-lan-optimized Virtual Server: HTTP Profile /Common/http Virtual Server: Bundled Items - Row 1:
- Resource: asm:asm_example1
- Row 2:
- Resource: asm:asm_example2
L7 Policy: Rules: Matching _ - Row 1:
- Group: 0
- Operand: http-host/request/host
- Condition: equals
- Value: www.example1.com
- Row 2:
- Group: 1
- Operand: http-host/request/host
- Condition: equals
- Value: www.example2.com
- Row 3:
- Group: default
L7 Policy: Rules: Action - Row 1:
- Group: 0
- Target: asm/request/enable/policy
- Parameter: bundled:asm_example1
- Row 2:
- Group: 1
- Target: asm/request/enable/policy
- Parameter: bundled:asm_example2
- Row 3:
- Group: default
- Target: forward/request/reset
- Row 1:
Click the ‘Finished’ button to deploy the template and monitor the deployment log
The initial objects in the Components view does not represent the final state of the deployment as detailed in Execution Flow
Monitor the deployment log and wait for the postdeploy_final process to complete
Review the deployed configuration using the iApp Components view
Review the L7 policy that was created
3.3.2. WAF Policy Deployment via URL
Click iApps -> Application Services -> Lab3.3 -> Reconfigure
Modify the following values and click ‘Finished’:
Field Name Value Virtual Server: Bundled Items Row 3:
Resource:
asm:url=http://<web server IP>/appsvcs/r
emote_asm1.xml
L7 Policy: Rules: Matching _ - Row 3:
- Group: 2
- Operand: http-host/request/host
- Condition: equals
- Value: www.example3.com
- Row 4:
- Group: default
L7 Policy: Rules: Action - Row 3:
- Group: 2
- Target: asm/request/enable/policy
- Parameter: bundled:remote_asm1
- Row 4:
- Group: default
- Target: forward/request/reset
Click the ‘Finished’ button to deploy the template and monitor the deployment log
Monitor the deployment log and wait for the postdeploy_final process to complete
Review the deployed configuration using the iApp Components view
Review the L7 policy that was created
The BIG-IP API Reference documentation contains community-contributed content. F5 does not monitor or control community code contributions. We make no guarantees or warranties regarding the available code, and it may contain errors, defects, bugs, inaccuracies, or security vulnerabilities. Your access to and use of any code available in the BIG-IP API reference guides is solely at your own risk.