Important: These steps apply to a BIG-IP® system on
which URL categories are available only by creating them in Access
Policy Manager® (APM®).
If you haven't
configured URL categories and URL filters yet in APM, configure them before you start
Look up the category for a URL request and use it
a policy branch rule, or to
a URL filter, and so on.
Note: These steps provide guidance for adding items
to control traffic based on the URL category; they do not specify a complete
On the Main tab, click
The Per-Request Policies screen opens.
In the Access Policy column for the per-request policy that you want to update,
click the Edit link.
The visual policy editor opens in another tab.
Add a Category Lookup item and set its properties:
Important: A Category Lookup item triggers event logging for URL
requests and provides categories for
URL Filter Assign item.
From the Categorization Input list, select an
entry based on the type of traffic to be processed. .
- For HTTP traffic, select Use HTTP URI (cannot be used
for SSL Bypass decisions).
- For SSL-encrypted traffic, select Use SNI in Client
Hello (if SNI is not available, use
Use Subject.CN in Server Cert is not
supported for reverse proxy.
For Category Lookup Type, you can only retain
the default setting Process custom categories
The properties screen closes. The visual policy editor
a URL Filter Assign
so anywhere on a branch after a Category Lookup item.
A URL filter applies to
categories that a Category Lookup item returns. If the filter specifies the
action for any URL category, URL Filter Assign blocks the request.
Note: If URL Filter Assign does not block the request and the filter
specifies the confirm action for any URL category, URL Filter Assign takes
the Confirm per-request policy branch and the policy
exits on the ending for it.
From the URL Filter list, select a URL
simplify the display in the visual policy editor
the URL filter does not specify
Branch Rules, and click x on the
The properties screen closes and the visual policy editor
Now the per-request policy includes
up the URL
You can add other items to the policy to control access according to your requirements.
Note: SSL bypass and SSL intercept are not supported when you are protecting
internal resources from incoming requests. They are supported in a forward proxy
A per-request policy goes into effect when you add it to a