BIG-IP local traffic policies comprise a prioritized list of rules that match defined conditions and run specific actions, which you can assign to a virtual server that directs traffic accordingly. For example, you might create a policy that determines whether a client's browser is a Chrome browser and adds an Alternative-Protocols attribute to the header, so that subsequent requests from the Chrome browser are directed to a SPDY virtual server. Or you might create a policy that determines whether a client is using a mobile device, and then redirects its requests to the applicable mobile web site's URL.
Each BIG-IP local traffic matching policy requires a matching strategy to determine the rule that applies if more than one rule matches.
The BIG-IP policies provide three policy matching strategies: a first-match, best-match, and all-match strategy. Each policy matching strategy prioritizes rules according to the rule's position within the Rules list.
|First-match strategy||A first-match strategy starts the actions for the first rule in the Rules list that matches.|
|Best-match strategy||A best-match strategy selects and starts the actions of the rule in the
Rules list with the best match, as determined by the following factors.
Note: In a best-match strategy, when multiple rules match and specify an action, conflicting or otherwise, only the action of the best-match rule is implemented. A best-match rule can be the lowest ordinal, the highest priority, or the first rule that matches in the Rules list.
|All-match strategy||An all-match strategy starts the actions for all rules in the Rules list
Note: In an all-match strategy, when multiple rules match, but specify conflicting actions, only the action of the best-match rule is implemented. A best-match rule can be the lowest ordinal, the highest priority, or the first rule that matches in the Rules list.
This table summarizes the profile settings that are required for local traffic policy matching.
|http||Specifies that the policy matching requires an HTTP profile.|
|ssl||Specifies that the policy matching requires a Client SSL profile.|
|tcp||Specifies that the policy matching requires a TCP profile.|
This table summarizes the controls settings that are required for local traffic policy matching.
|acceleration||Provides controls associated with acceleration functionality.|
|caching||Provides controls associated with caching functionality.|
|classification||Provides controls associated with classification.|
|compression||Provides controls associated with HTTP compression.|
|forwarding||Provides controls associated with forwarding functionality.|
|request-adaptation||Provides controls associated with request-adaptation functionality.|
|response-adaptation||Provides controls associated with response-adaptation functionality.|
|server-ssl||Provides controls associated with server-ssl functionality.|
BIG-IP local traffic policy rules match defined conditions and start specific actions. You can create a policy with rules that are as simple or complex as necessary, based on the passing traffic. For example, a rule might simply determine that a client's browser is a Chrome browser that is not on an administrator network. Or a rule might determine that a request URL starts with /video, that the client is a mobile device, and that the client's subnet does not match 172.27.56.0/24.
The conditions for a local traffic policy rule define the necessary criteria that must be met in order for the rule's actions to be applied. For example, a policy might include the following conditions, which, when met by a request, would allow the rule's specified actions to be applied.
This table summarizes the operands for each condition used in policy matching.
|Operand||Type||Valid Events||Selectors and Parameters||Description|
||Requires a Client SSL profile for policy matching.|
||Returns <username>: <password> or parts of it.|
||Returns the value of a particular cookie or cookie attribute.|
||Returns the value of a particular header.|
||Provides all or part of the HTTP Host header.|
||Provides the HTTP method.|
||Provides all or part of the HTTP Referer header.|
||Sets the selected setting of a particular cookie or cookie attribute.|
||Returns the HTTP status line or part of it.|
||Provides all or part of the request URI.|
||Provides HTTP/1.1 a number.|
||Requires a TCP profile for policy matching.|
The actions for a local traffic policy rule determine how traffic is handled. For example, actions for a rule could include the following ways of handling traffic.
This table summarizes the actions associated with the conditions of the rule used in policy matching.