Forum Discussion

blacksan_10396
Jun 16, 2011

APM - Web Application Split Tunnel

Does anyone have any examples to create a split-tunnel environment like the Firepass?



I am trying to create the following scenario which is easy with the Firepass:



1: Split-Tunnel ACL - example:


2: Rewrite ACL - example: *


3: Default Rewrite Rule - Bypass Rewrite Engine like links on to


4: Deny ACL - example:


5: Allow ACL - example:


6: Default ACL - Deny All - this will block but not



So far the APM is a somewhat reversed concept:


1: Default Rewrite Rule - Rewrite everything


2: Application Web Application ACL


3: Flexible L7 ACL



I am assuming I can use iRules REWRITE_RESPONSE_DONE, but I don't know the command to ignore the Rewrite Engine for web links.



1: Create a datagroup to bypass ACL =


Scan website for links and compare to datagroup like


if { [matchclass bypass-web-group equals [HTTP::host]] }


Do not Rewrite links


2a: Create Application Web Application for all websites which need to be rewritten - * over 80/443


2b: Create a Datagroup which matches the ACL on Web Application


3: Next level of iRule will scan website for links and compare to the next datagroup like


if { ![matchclass rewrite-web-group equals [HTTP::host]] } - Rewrite all other links -


4: Create an ACL to block like


5: Create an ACL to Allow website like


6: Create a Bottom-ACL to block all websites



If we can't control Rewrite engine, is there a way to inject around the web-links before it gets to the APM?



1 Reply

  • Hi blacksan,



    I think we'll have an updated set of docs on the APM wiki for this shortly. You might try talking with your F5 or partner SE for details in the meantime.



    The titles will be:



    APM Portal Host Rewrite