ltm policy-strategy
ltm policy-strategy(1) BIG-IP TMSH Manual ltm policy-strategy(1)
NAME
policy-strategy - Configures policy-strategy for Centralized Policy Manager.
MODULE
ltm
DESCRIPTION
The policy-strategy component stores the different matching strategies employed by LTM Policy engine. Strategy
comes into play when a policy has multiple rules, and the behavior of the policy can be customized as the
situation requires.
There are 3 pre-defined matching strategies: "first-match", "all-match", and "best-match". A "first-match"
strategy terminates the matching engine on the first condition that matches and executes that rule's actions.
An "all-match" strategy will execute the actions for all conditions that match.
The "best-match" strategy is intended for situations when multiple conditions match simultaneously, and allows
for the more specific match to win. For example, one rule may match the http-uri hostname while another may
match the http-uri extension. The system has a built-in table defining combinations of event, operand, and
selector, and an associated precedence value for each combination. When multiple rules match in a "best-match"
situation, then the condition with the lowest ordinal value of event-operand-selector precendence is declared
to be the most specific, and its actions are executed.
Generally policy-strategy should not require additions or changes. However, it could make sense to create
user-defined policy-strategy when a "best-match" strategy is desired, but the built-in precedence table does
not reflect the organization's idea of which operand-selector combinations are most specific.
For additional details, refer to Local Traffic Policy documentation on the AskF5 knowledge base at
http://support.f5.com.
CREATE/MODIFY
create policy-strategy [name]
modify policy-strategy [name]
options:
[ strategy | [ all-match | best-match | first-match ] ]
operands [add | delete | modify | replace-all-with] {
ORDINAL {
[OPERAND] [EVENT] [SELECTOR]
}
}
[ app-service [VALUE | none]]
[ partition VALUE ]
where
strategy
Specifies the match method: all-match, best-match, or first-match.
operands
Define a combination of event, operand, selector, and associate it with an ordinal precedence value.
ORDINAL
Integer precedence value, lower value indicates a higher precedence.
OPERAND
Entity to compare, see some examples in Precedence Table below, or ltm_policy documentation for list with
descriptions.
EVENT
Framework event like request or response, default is "request" if not specified.
SELECTOR
More specific part of operand, default is "all" if not specified. See some examples in the Precedence
Table below, or ltm_policy documentation for list and descriptions.
app-service
Specifies the name of the application service to which the policy strategy belongs. The default value is
"none" if not specified. Note: If the strict-updates option is enabled on the application service that
owns the object, you cannot modify or delete the policy strategy. Only the application service can modify
or delete the policy strategy.
DISPLAY
list policy-strategy
list policy-strategy [ [ [name] | [glob] | [regex] ] ... ]
options:
all-properties
non-default-properties
one-line
partition
DELETE
delete policy-strategy [name]
EXAMPLES
create policy-strategy my_strategy strategy first-match
Creates the policy strategy my_strategy which matches the first rule selected.
Precedence Table
Ordinal Event Operand Selector
-------- --------------- -------------------- --------------------
1 request tcp port
2 request tcp vlan-id
3 request tcp vlan
4 request tcp route-domain
5 request tcp rtt
6 request tcp mss
7 request client-ssl cipher
8 request client-ssl cipher-bits
9 request http-host host
10 request http-host port
11 request http-host all
12 request http-version all
13 request http-version major
14 request http-version minor
15 request http-method all
16 request http-uri scheme
17 request http-uri host
18 request http-uri port
19 request http-uri path-segment
20 request http-uri extension
21 request http-uri path
22 request http-uri query-parameter
23 request http-uri unnamed-query-parameter
24 request http-uri query-string
25 request http-uri all
26 request http-cookie all
27 request http-basic-auth username
28 request http-basic-auth password
29 request http-referer all
30 request http-referer scheme
31 request http-referer host
32 request http-referer port
33 request http-referer path-segment
34 request http-referer path
35 request http-referer extension
36 request http-referer query-parameter
37 request http-referer unnamed-query-parameter
38 request http-referer query-string
39 request http-header all
40 response http-version all
41 response http-version major
42 response http-version minor
43 response http-status all
44 response http-status code
45 response http-status text
46 response http-header all
47 request geoip org
48 request geoip isp
49 request geoip region-code
50 request geoip region-name
51 request geoip country-code
52 request geoip country-name
53 request geoip continent
54 request cpu-usage last-15secs
55 request cpu-usage last-1min
56 request cpu-usage last-5mins
57 request http-user-agent device-make
58 request http-user-agent device-model
59 request http-user-agent browser-type
60 request http-user-agent browser-version
61 request http-user-agent user-agent-token
SEE ALSO
ltm policy, create, delete, edit, glob, list, modify, regex, reset-stats, show, tmsh
COPYRIGHT
No part of this program may be reproduced or transmitted in any form or by any means, electronic or
mechanical, including photocopying, recording, or information storage and retrieval systems, for any purpose
other than the purchaser's personal use, without the express written permission of F5 Networks, Inc.
F5 Networks and BIG-IP (c) Copyright 2008, 2012-2016. All rights reserved.
BIG-IP 2016-03-14 ltm policy-strategy(1)