Manual Chapter : Local Traffic Policies

Applies To:


BIG-IP LTM

  • 11.5.10, 11.5.9, 11.5.8, 11.5.7, 11.5.6, 11.5.5, 11.5.4, 11.5.3, 11.5.2, 11.5.1

About local traffic policy matching

BIG-IP® local traffic policies comprise a prioritized list of rules that match defined conditions and run specific actions, which you can assign to a virtual server that directs traffic accordingly. For example, you might create a policy that determines whether a client's browser is a Chrome browser and adds an Alternative-Protocols attribute to the header, so that subsequent requests from the Chrome browser are directed to a SPDY virtual server. Or you might create a policy that determines whether a client is using a mobile device, and then redirects its requests to the applicable mobile web site's URL.

About strategies for local traffic policy matching

Each BIG-IP® local traffic matching policy requires a matching strategy to determine the rule that applies if more than one rule matches.

BIG-IP policies provide three policy matching strategies: first-match, best-match, and all-match. Each policy matching strategy prioritizes rules according to the rule's position within the Rules list.

Note: A rule without conditions becomes the default rule in a best-match or first-match strategy, when the rule is the last entry in the Rules list.
Table 1. Policy matching strategies

First-match strategy: A first-match strategy starts the actions for the first rule in the Rules list that matches.

Best-match strategy: A best-match strategy selects and starts the actions of the rule in the Rules list with the best match, as determined by the following factors.
  • The number of conditions and operands that match the rule.
  • The length of the matched value for the rule.
  • The priority of the operands for the rule.
  Note: In a best-match strategy, when multiple rules match and specify an action, conflicting or otherwise, only the action of the best-match rule is implemented. A best-match rule can be the lowest ordinal, the highest priority, or the first rule that matches in the Rules list.

All-match strategy: An all-match strategy starts the actions for all rules in the Rules list that match.
  Note: In an all-match strategy, when multiple rules match, but specify conflicting actions, only the action of the best-match rule is implemented. A best-match rule can be the lowest ordinal, the highest priority, or the first rule that matches in the Rules list.
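
The three strategies above, modeled as an added example (this is not F5 code and not part of the original manual). It shows how the same request selects different rules under each strategy, and flags a rule without conditions that is not last in the list, which under first-match hides every rule after it. Assumptions: best-match is scored only by number of matching conditions and matched value length (operand priority is not modeled), and the rule names, pool names and dotted operand keys are hypothetical.

```python
from dataclasses import dataclass, field

@dataclass
class Rule:
    name: str
    conditions: list = field(default_factory=list)  # (operand, op, value) tuples
    actions: list = field(default_factory=list)

# Comparison operators of this model (assumption: only these two are needed here).
OPS = {"equals": lambda got, want: got == want,
       "starts-with": lambda got, want: got.startswith(want)}

def match_score(rule, request):
    """None if any condition fails, else (conditions matched, matched length)."""
    length = 0
    for operand, op, value in rule.conditions:
        if not OPS[op](request.get(operand, ""), value):
            return None
        length += len(value)
    return (len(rule.conditions), length)

def select(rules, request, strategy):
    """Names of the rules whose actions would start, in Rules-list order."""
    hits = [(r, s) for r in rules if (s := match_score(r, request)) is not None]
    if not hits:
        return []
    if strategy == "first-match":
        return [hits[0][0].name]
    if strategy == "best-match":
        # max() keeps the earliest rule on a tie (simplified scoring, see lead-in)
        return [max(hits, key=lambda h: h[1])[0].name]
    return [r.name for r, _ in hits]  # all-match

def shadowing_default(rules):
    """Under first-match, a rule with no conditions hides every rule after it."""
    for i, r in enumerate(rules[:-1]):
        if not r.conditions:
            return r.name, [later.name for later in rules[i + 1:]]
    return None

# Constructed sample policy and request (hypothetical names).
RULES = [
    Rule("video", [("http-uri.path", "starts-with", "/video")], ["forward select pool video_pool"]),
    Rule("admin_video", [("http-uri.path", "starts-with", "/video/admin"),
                         ("http-host", "equals", "www.siterequest.com")], ["forward reset"]),
    Rule("default", [], ["forward select pool web_pool"]),
]
REQUEST = {"http-host": "www.siterequest.com", "http-uri.path": "/video/admin/upload"}

if __name__ == "__main__":
    for strategy in ("first-match", "best-match", "all-match"):
        print(strategy, select(RULES, REQUEST, strategy))
```

With first-match, the broad `video` rule wins and the more specific reset rule placed after it never runs, so restrictive rules belong ahead of the broader ones they refine.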

Local traffic policy matching Requires profile settings

This table summarizes the profile settings that are required for local traffic policy matching.

Requires setting and description:
  • http: Specifies that the policy matching requires an HTTP profile.
  • ssl: Specifies that the policy matching requires a Client SSL profile.
  • tcp: Specifies that the policy matching requires a TCP profile.

Local traffic policy matching Controls settings

This table summarizes the controls settings that are required for local traffic policy matching.

Controls setting and description:
  • acceleration: Provides controls associated with acceleration functionality.
  • caching: Provides controls associated with caching functionality.
  • classification: Provides controls associated with classification.
  • compression: Provides controls associated with HTTP compression.
  • forwarding: Provides controls associated with forwarding functionality.
  • request-adaptation: Provides controls associated with request-adaptation functionality.
  • response-adaptation: Provides controls associated with response-adaptation functionality.
  • server-ssl: Provides controls associated with server-ssl functionality.

About rules for local traffic policy matching

BIG-IP® local traffic policy rules match defined conditions and start specific actions. You can create a policy with rules that are as simple or complex as necessary, based on the passing traffic. For example, a rule might simply determine that a client's browser is a Chrome browser that is not on an administrator network. Or a rule might determine that a request URL starts with /video, that the client is a mobile device, and that the client's subnet does not match 172.27.56.0/24.

About conditions for local traffic policy matching

The conditions for a local traffic policy rule define the necessary criteria that must be met in order for the rule's actions to be applied. For example, a policy might include the following conditions, which, when met by a request, would allow the rule's specified actions to be applied.

Condition and setting:
  • Operand: http-host
  • Event: request
  • Selector: all
  • Condition: equals
  • Values: www.siterequest.com

Local traffic policy matching Conditions operands

This table summarizes the operands for each condition used in policy matching.

client-ssl
  • Type: string/number
  • Valid events: request, response
  • Selectors and parameters: cipher, cipher-bits, protocol
  • Description: Requires a Client SSL profile for policy matching.

http-basic-auth
  • Type: string
  • Valid events: request
  • Selectors and parameters: password, username
  • Description: Returns <username>: <password> or parts of it.

http-cookie
  • Type: string
  • Valid events: request
  • Selectors and parameters: all (parameter: name)
  • Description: Returns the value of a particular cookie or cookie attribute.

http-header
  • Type: string
  • Valid events: request, response
  • Selectors and parameters: all (parameter: name, required)
  • Description: Returns the value of a particular header.

http-host
  • Type: string/number
  • Valid events: request
  • Selectors and parameters: all, host, port
  • Description: Provides all or part of the HTTP Host header.

http-method
  • Type: string
  • Valid events: request
  • Selectors and parameters: all
  • Description: Provides the HTTP method.

http-referer
  • Type: string/number
  • Valid events: request
  • Selectors and parameters: all, extension, host, path, path-segment (parameter: index, required), port, query-parameter (parameter: name, required), query-string, scheme, unnamed-query-parameter (parameter: index, required)
  • Description: Provides all or part of the HTTP Referer header.

http-set-cookie
  • Type: string
  • Valid events: response
  • Selectors and parameters: domain, expiry, path, value, version (each with parameter: name, required)
  • Description: Sets the selected setting of a particular cookie or cookie attribute.

http-status
  • Type: string/number
  • Valid events: response
  • Selectors and parameters: all, code, text
  • Description: Returns the HTTP status line or part of it.

http-uri
  • Type: string/number
  • Valid events: request
  • Selectors and parameters: all, extension, host, path, path-segment (parameter: index, required), port, query-parameter (parameter: name, required), query-string, scheme, unnamed-query-parameter (parameter: index, required)
  • Description: Provides all or part of the request URI.

http-version
  • Type: string/number
  • Valid events: request, response
  • Selectors and parameters: all, major, minor, protocol
  • Description: Provides HTTP/1.1 a number.

tcp
  • Type: number
  • Valid events: request, response
  • Selectors and parameters: mss (internal true), port (internal true, local true), route-domain (internal true), rtt (internal true), vlan (internal true), vlan-id (internal true)
  • Description: Requires a TCP profile for policy matching.

About actions for a local traffic policy rule

The actions for a local traffic policy rule determine how traffic is handled. For example, actions for a rule could include the following ways of handling traffic.

  • Blocking traffic
  • Rewriting a URL
  • Logging traffic
  • Adding a specific header
  • Redirecting traffic to a different pool member
  • Selecting a specific Web Application policy

Local traffic policy matching Actions operands

This table summarizes the actions associated with the conditions of the rule used in policy matching.

acceleration
  • Type: string/number
  • Valid events: request
  • Actions: disable; enable

cache
  • Type: string
  • Valid events: request, response
  • Actions: disable; enable (pin true)

compress
  • Type: string
  • Valid events: request, response
  • Actions: disable; enable

decompress
  • Type: string
  • Valid events: request, response
  • Actions: disable; enable

forward
  • Type: string
  • Valid events: request
  • Actions: reset; select (parameters: clone-pool, member, nexthop, node, pool, rateclass, snat, snatpool, vlan, vlan-id)

http-cookie
  • Type: string
  • Valid events: request
  • Actions: insert (parameters: name (required), value (required)); remove (parameter: name (required))

http-header
  • Type: string/number
  • Valid events: request, response
  • Actions: insert (parameters: name (required), value (required)); remove (parameter: name (required)); replace (parameters: name (required), value (required))

http-host
  • Type: string
  • Valid events: request
  • Actions: replace (parameter: value)

http-referer
  • Type: string
  • Valid events: request
  • Actions: insert (parameter: value (required)); remove; replace (parameter: value)

http-reply
  • Type: string
  • Valid events: request, response
  • Actions: redirect (parameter: location (required))

http-set-cookie
  • Type: string/number
  • Valid events: response
  • Actions: insert (parameters: name (required), domain, path, value (required)); remove (parameter: name (required))

http-uri
  • Type: string/number
  • Valid events: response
  • Actions: replace (parameters: path, query-string, value)

log
  • Type: string/number
  • Valid events: request, response
  • Actions: write (parameter: message (required))

pem
  • Type: string/number
  • Valid events: request, response
  • Actions: classify (parameters: application, category, defer, protocol)

request-adapt
  • Type: string/number
  • Valid events: request, response
  • Actions: disable; enable

response-adapt
  • Type: string/number
  • Valid events: request, response
  • Actions: disable; enable

server-ssl
  • Type: string/number
  • Valid events: request
  • Actions: disable; enable

tcl
  • Type: string/number
  • Valid events: request, response
  • Actions: set-variable (parameters: name (required), expression (required))

tcp-nagle
  • Type: string/number
  • Valid events: request
  • Actions: disable; enable