-
Notifications
You must be signed in to change notification settings - Fork 3
Expand file tree
/
Copy pathcreate_cs.conf
More file actions
86 lines (77 loc) · 7.49 KB
/
create_cs.conf
File metadata and controls
86 lines (77 loc) · 7.49 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
##################################################
# Content-Switching Virtual Server create script #
##################################################
# 1. Replace $TENANT (CASE SENSISTIVE REPLACE !!!)
# 2. Replace $tenant (CASE SENSISTIVE REPLACE !!!)
# 3. Replace $IPADDRESS with the IP address to be used by the content-switching virtual server
# 4. Set the SM_CL1009_IP_CONTROL entry to denylist or whitelist, default is blocklist
# 5. Update the Listen Policy expression for the SSL_TCP Content-Switching virtual server, default is "false"
add cs vserver CS_$TENANT_HTTP HTTP $IPADDRESS 80 -cltTimeout 180
bind cs vserver CS_$TENANT_HTTP -policyName NOPOLICY-REWRITE -priority 100901 -gotoPriorityExpression END -type REQUEST -invoke policylabel RWPL_CL1009_CS_REQ_CORE
bind cs vserver CS_$TENANT_HTTP -policyName NOPOLICY-REWRITE -priority 100901 -gotoPriorityExpression END -type RESPONSE -invoke policylabel RWPL_CL1009_CS_RES_CORE
bind cs vserver CS_$TENANT_HTTP -policyName RSP_CL1009_IP_CSTCP_NOTLISTED -priority 100901 -gotoPriorityExpression END -type REQUEST
bind cs vserver CS_$TENANT_HTTP -policyName RSP_CL1009_IP_VSTCP_NOTLISTED -priority 100902 -gotoPriorityExpression END -type REQUEST
bind cs vserver CS_$TENANT_HTTP -policyName RSP_CL1009_IP_CSTCP_ALLOWLIST -priority 100903 -gotoPriorityExpression END -type REQUEST
bind cs vserver CS_$TENANT_HTTP -policyName RSP_CL1009_IP_CSTCP_BLOCKLIST -priority 100904 -gotoPriorityExpression END -type REQUEST
bind cs vserver CS_$TENANT_HTTP -policyName RSP_CL1009_IP_VSTCP_ALLOWLIST -priority 100905 -gotoPriorityExpression END -type REQUEST
bind cs vserver CS_$TENANT_HTTP -policyName RSP_CL1009_IP_VSTCP_BLOCKLIST -priority 100906 -gotoPriorityExpression END -type REQUEST
bind cs vserver CS_$TENANT_HTTP -policyName CSP_CL1009_HTTP_FULL_LAN -priority 100901
bind cs vserver CS_$TENANT_HTTP -policyName CSP_CL1009_HTTP_SCND_LAN -priority 100902
bind cs vserver CS_$TENANT_HTTP -policyName CSP_CL1009_HTTP_FRST_LAN -priority 100903
bind cs vserver CS_$TENANT_HTTP -policyName CSP_CL1009_HTTP_FQDN_LAN -priority 100904
bind cs vserver CS_$TENANT_HTTP -policyName CSP_CL1009_HTTP_WILD_LAN -priority 100905
bind cs vserver CS_$TENANT_HTTP -policyName CSP_CL1009_HTTP_ACME_ANY -priority 100910
bind cs vserver CS_$TENANT_HTTP -policyName CSP_CL1009_HTTP_FULL_ANY -priority 100911
bind cs vserver CS_$TENANT_HTTP -policyName CSP_CL1009_HTTP_SCND_ANY -priority 100912
bind cs vserver CS_$TENANT_HTTP -policyName CSP_CL1009_HTTP_FRST_ANY -priority 100913
bind cs vserver CS_$TENANT_HTTP -policyName CSP_CL1009_HTTP_FQDN_ANY -priority 100914
bind cs vserver CS_$TENANT_HTTP -policyName CSP_CL1009_HTTP_WILD_ANY -priority 100915
bind cs vserver CS_$TENANT_HTTP -lbvserver VS_CL1009_NO_SERVICE_HTTP
bind policy stringmap SM_CL1009_IP_CONTROL cs_$tenant_http "list=blocklist;"
add cs vserver CS_$TENANT_SSL SSL $IPADDRESS 443 -cltTimeout 180
bind cs vserver CS_$TENANT_SSL -policyName NOPOLICY-REWRITE -priority 100901 -gotoPriorityExpression END -type REQUEST -invoke policylabel RWPL_CL1009_CS_REQ_CORE
bind cs vserver CS_$TENANT_SSL -policyName NOPOLICY-REWRITE -priority 100901 -gotoPriorityExpression END -type RESPONSE -invoke policylabel RWPL_CL1009_CS_RES_CORE
bind cs vserver CS_$TENANT_SSL -policyName RSP_CL1009_IP_CSTCP_NOTLISTED -priority 100901 -gotoPriorityExpression END -type REQUEST
bind cs vserver CS_$TENANT_SSL -policyName RSP_CL1009_IP_VSTCP_NOTLISTED -priority 100902 -gotoPriorityExpression END -type REQUEST
bind cs vserver CS_$TENANT_SSL -policyName RSP_CL1009_IP_CSTCP_ALLOWLIST -priority 100903 -gotoPriorityExpression END -type REQUEST
bind cs vserver CS_$TENANT_SSL -policyName RSP_CL1009_IP_CSTCP_BLOCKLIST -priority 100904 -gotoPriorityExpression END -type REQUEST
bind cs vserver CS_$TENANT_SSL -policyName RSP_CL1009_IP_VSTCP_ALLOWLIST -priority 100905 -gotoPriorityExpression END -type REQUEST
bind cs vserver CS_$TENANT_SSL -policyName RSP_CL1009_IP_VSTCP_BLOCKLIST -priority 100906 -gotoPriorityExpression END -type REQUEST
bind cs vserver CS_$TENANT_SSL -policyName CSP_CL1009_HTTP_FULL_LAN -priority 100901
bind cs vserver CS_$TENANT_SSL -policyName CSP_CL1009_HTTP_SCND_LAN -priority 100902
bind cs vserver CS_$TENANT_SSL -policyName CSP_CL1009_HTTP_FRST_LAN -priority 100903
bind cs vserver CS_$TENANT_SSL -policyName CSP_CL1009_HTTP_FQDN_LAN -priority 100904
bind cs vserver CS_$TENANT_SSL -policyName CSP_CL1009_HTTP_WILD_LAN -priority 100905
bind cs vserver CS_$TENANT_SSL -policyName CSP_CL1009_HTTP_FULL_ANY -priority 100911
bind cs vserver CS_$TENANT_SSL -policyName CSP_CL1009_HTTP_SCND_ANY -priority 100912
bind cs vserver CS_$TENANT_SSL -policyName CSP_CL1009_HTTP_FRST_ANY -priority 100913
bind cs vserver CS_$TENANT_SSL -policyName CSP_CL1009_HTTP_FQDN_ANY -priority 100914
bind cs vserver CS_$TENANT_SSL -policyName CSP_CL1009_HTTP_WILD_ANY -priority 100915
bind cs vserver CS_$TENANT_SSL -lbvserver VS_CL1009_NO_SERVICE_SSL
bind policy stringmap SM_CL1009_IP_CONTROL cs_$tenant_ssl "list=blocklist;"
add cs vserver CS_$TENANT_TCP TCP $IPADDRESS * -cltTimeout 9000
bind cs vserver CS_$TENANT_TCP -policyName RSP_CL1009_IP_CSTCP_NOTLISTED -priority 100901 -gotoPriorityExpression END -type REQUEST
bind cs vserver CS_$TENANT_TCP -policyName RSP_CL1009_IP_VSTCP_NOTLISTED -priority 100902 -gotoPriorityExpression END -type REQUEST
bind cs vserver CS_$TENANT_TCP -policyName RSP_CL1009_IP_CSTCP_ALLOWLIST -priority 100903 -gotoPriorityExpression END -type REQUEST
bind cs vserver CS_$TENANT_TCP -policyName RSP_CL1009_IP_CSTCP_BLOCKLIST -priority 100904 -gotoPriorityExpression END -type REQUEST
bind cs vserver CS_$TENANT_TCP -policyName RSP_CL1009_IP_VSTCP_ALLOWLIST -priority 100905 -gotoPriorityExpression END -type REQUEST
bind cs vserver CS_$TENANT_TCP -policyName RSP_CL1009_IP_VSTCP_BLOCKLIST -priority 100906 -gotoPriorityExpression END -type REQUEST
bind cs vserver CS_$TENANT_TCP -policyName CSP_CL1009_TCP_LAN -priority 100901
bind cs vserver CS_$TENANT_TCP -policyName CSP_CL1009_TCP_ANY -priority 100911
bind cs vserver CS_$TENANT_TCP -lbvserver VS_CL1009_NO_SERVICE_TCP
bind policy stringmap SM_CL1009_IP_CONTROL cs_$tenant_tcp "list=blocklist;"
add cs vserver CS_$TENANT_STCP SSL_TCP $IPADDRESS * -cltTimeout 9000 -Listenpolicy "false"
bind cs vserver CS_$TENANT_STCP -policyName RSP_CL1009_IP_CSTCP_NOTLISTED -priority 100901 -gotoPriorityExpression END -type REQUEST
bind cs vserver CS_$TENANT_STCP -policyName RSP_CL1009_IP_VSTCP_NOTLISTED -priority 100902 -gotoPriorityExpression END -type REQUEST
bind cs vserver CS_$TENANT_STCP -policyName RSP_CL1009_IP_CSTCP_ALLOWLIST -priority 100903 -gotoPriorityExpression END -type REQUEST
bind cs vserver CS_$TENANT_STCP -policyName RSP_CL1009_IP_CSTCP_BLOCKLIST -priority 100904 -gotoPriorityExpression END -type REQUEST
bind cs vserver CS_$TENANT_STCP -policyName RSP_CL1009_IP_VSTCP_ALLOWLIST -priority 100905 -gotoPriorityExpression END -type REQUEST
bind cs vserver CS_$TENANT_STCP -policyName RSP_CL1009_IP_VSTCP_BLOCKLIST -priority 100906 -gotoPriorityExpression END -type REQUEST
bind cs vserver CS_$TENANT_STCP -policyName CSP_CL1009_TCP_LAN -priority 100901
bind cs vserver CS_$TENANT_STCP -policyName CSP_CL1009_TCP_ANY -priority 100911
bind cs vserver CS_$TENANT_STCP -lbvserver VS_CL1009_NO_SERVICE_TCP
bind policy stringmap SM_CL1009_IP_CONTROL cs_$tenant_stcp "list=blocklist;"
add cs vserver CS_$TENANT_UDP UDP $IPADDRESS * -cltTimeout 9000
bind cs vserver CS_$TENANT_UDP -policyName CSP_CL1009_UDP_LAN -priority 100901
bind cs vserver CS_$TENANT_UDP -policyName CSP_CL1009_UDP_ANY -priority 100911
bind policy stringmap SM_CL1009_IP_CONTROL cs_$tenant_udp "list=blocklist;"