Forum Discussion
Apply a Policy to an SNAT list
I have a SNAT list which translates outgoing traffic from a particular internal IP to a pool of external IPs. This is used for proxying to tax agency sites.
Recently we got dinged on a "security" audit because some of our scraping software uses a user-agent string for an old version of Chrome. The admin for the robots says this cannot be changed so I was told to find a way to fix it.
I first looked at using an irule but found a forum post recommending this is better done with a policy. I created a policy that replacing any user-agent header claiming to be chrome to the (mostly) latest and greatest value. However, I cannot see how to apply this policy to the pool of addresses.
Can this even be done? If so how?
Hello,
To apply such a policy to https traffic, clientssl and serverssl profile will be necessary, and also and http profile, as the policy is intended to modify the http traffic.
If you have such a configuration, it seems there is even no way to set a condition matching selected pool. Then you should probably write an iRule for this, or find another matching solution (like source ip of the server hosting the scrapper maybe ?)
Cheers,
Sam
- SamCoCirrus
Hello,
To apply such a policy to https traffic, clientssl and serverssl profile will be necessary, and also and http profile, as the policy is intended to modify the http traffic.
If you have such a configuration, it seems there is even no way to set a condition matching selected pool. Then you should probably write an iRule for this, or find another matching solution (like source ip of the server hosting the scrapper maybe ?)
Cheers,
Sam
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com