
Forum Discussion

blacksan_10396
Jun 15, 2011

APM - Web Application Split Tunnel

Does anyone have any examples to create a split-tunnel environment like the Firepass?

I am trying to create the following scenario, which is easy with the Firepass:

1: Split-Tunnel ACL - example: www.f5.com
2: Rewrite ACL - example: *.f5.com
3: Default Rewrite Rule - Bypass the Rewrite Engine for links on devcentral.f5.com to www.gartner.com
4: Deny ACL - example: devcentral.f5.com/adminconsole
5: Allow ACL - example: devcentral.f5.com
6: Default ACL - Deny All - this will block support.f5.com but not www.gartner.com

So far the APM concept is a little reversed:

1: Default Rewrite Rule - Rewrite everything
2: Application Web Application ACL
3: Flexible L7 ACL

I am assuming I can use the iRules REWRITE_RESPONSE_DONE event, but I don't know the command to ignore the Rewrite Engine for web links.

1: Create a datagroup to bypass ACL = www.f5.com
Scan the website for links and compare to the datagroup, like:

if { [class match [HTTP::host] equals bypass-web-group] }

Do not rewrite links.

2a: Create an Application Web Application for all websites which need to be rewritten - *.f5.com over 80/443
2b: Create a datagroup which matches the ACL on the Web Application
3: The next level of iRule will scan the website for links and compare to the next datagroup, like:

if { ![class match [HTTP::host] equals rewrite-web-group] } - Rewrite all other links - www.gartner.com

4: Create an ACL to block, like devcentral.f5.com/adminconsole
5: Create an ACL to allow websites, like devcentral.f5.com
6: Create a bottom ACL to block all websites

If we can't control the Rewrite engine, is there a way to inject around the web links before they get to the APM?
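The ordered decision the post lays out (split-tunnel hosts, a rewrite set, then deny/allow/deny-all ACLs evaluated top to bottom) as an added Python model. This is not APM configuration, iRule code, or anything from F5; the hostnames and paths are the post's own examples, while the rule order, the glob patterns and the "direct"/"bypass" labels are assumptions. The useful thing the model makes visible is that the bottom deny-all ACL only ever sees traffic that the rewrite engine sends through APM: a link that is split-tunnelled or left unrewritten goes straight from the client, so the model reports those separately for review.

```python
"""Constructed model of a split-tunnel / rewrite / ACL decision for a list of links.

Assumption: first matching rule wins, ACLs are only enforced on rewritten
(APM-proxied) traffic, and anything else is fetched directly by the client.
"""
from fnmatch import fnmatch
from urllib.parse import urlsplit

# Hosts reached directly by the client through the split tunnel (never rewritten).
SPLIT_TUNNEL = ["www.f5.com"]

# Hosts whose links are rewritten, so their traffic traverses APM and the ACLs apply.
REWRITE = ["*.f5.com"]

# ACLs evaluated top to bottom on rewritten traffic only: (action, host glob, path glob).
ACLS = [
    ("deny", "devcentral.f5.com", "/adminconsole*"),
    ("allow", "devcentral.f5.com", "*"),
    ("deny", "*", "*"),  # bottom ACL: deny everything that reached APM and matched nothing above
]


def classify(url: str) -> str:
    """Return how a single link would be handled under the constructed policy.

    'direct'        - split-tunnel host, client connects itself, ACLs not enforced
    'bypass'        - not in the rewrite set, link left as-is, client goes direct
    'rewrite+allow' - rewritten through APM and permitted by an ACL
    'rewrite+deny'  - rewritten through APM and blocked by an ACL
    """
    parts = urlsplit(url)
    host = parts.hostname or ""  # urlsplit lowercases the hostname
    path = parts.path or "/"

    if any(fnmatch(host, pat) for pat in SPLIT_TUNNEL):
        return "direct"
    if not any(fnmatch(host, pat) for pat in REWRITE):
        return "bypass"
    for action, host_pat, path_pat in ACLS:
        if fnmatch(host, host_pat) and fnmatch(path, path_pat):
            return f"rewrite+{action}"
    return "rewrite+deny"  # defensive default if the bottom ACL were ever removed


def unenforced(links):
    """Links the deny-all ACL never sees, because they do not pass through APM."""
    return [u for u in links if classify(u) in ("direct", "bypass")]


def summarize(links):
    """Map every decision label to the links that received it."""
    out = {}
    for u in links:
        out.setdefault(classify(u), []).append(u)
    return out


# Constructed sample links scraped from a rewritten page, using the post's examples.
SAMPLE_LINKS = [
    "http://www.f5.com/",
    "https://support.f5.com/",
    "https://devcentral.f5.com/adminconsole/users",
    "https://devcentral.f5.com/articles",
    "https://www.gartner.com/",
]

if __name__ == "__main__":
    for label, urls in sorted(summarize(SAMPLE_LINKS).items()):
        print(label, urls)
    print("not covered by deny-all:", unenforced(SAMPLE_LINKS))
```

Run on the sample links, support.f5.com ends up rewritten and blocked by the bottom ACL while www.gartner.com is simply left alone, which is the behaviour the post wants; the `unenforced` list is the part worth reviewing before deploying such a policy, since every entry in the split-tunnel and bypass sets is effectively an allow that the APM ACLs cannot revoke.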

 

 
