Bypassing a VIP based on destination address

1. If the proxy ip address is hard-coded in the browser then it doesn't matter what you redirect to... It'll still go via the proxy... The only way around that really is to use a PAC file (It's a small javascript program that gets run for EVERY URL accessed. It can decide whether to use a proxy or go direct to a website).

 

Beaware though that because it gets run for EVERY URL, you really really do want to keep it small. And avoid IP address lookups etc.

 

 

2. redirects are no good.

 

 

The best way would be via PAC file. Note that you can setup the PAC file on an HTTP server and then have the browsers load it from there. Thus you don't have to distribute a file every time it changes. Failing that, I'd recommend using an iRule on the proxy_vip. Simply detect the host they're accessing, and if it's webmail.com then use the webmail pool. Otherwise use the default pool. You can also enable/disable SNAT in the iRUle so that when accessing the webmail servers, the webmail will see the client IP address. But this also pre-supposes that the webmail servers use the F5 as their route back to the clients (Either by default route, or routes in the network etc).

 

 

H