Forum Discussion
NimbostratusCan I use a VIP to route HTTP traffic through a proxy?
We have a server that is behind a FW. The application running on it uses JVM that doesn't have proxy settings enabled. We have already tried using the "-Dhttp.useProxy=true -Dhttp.proxyHost=xxx.xxx.xxx.xxx -Dhttp.proxyPort=xxxx" java startup options but that doesn't work for all connections it tries to make. So what we would like to try and do is create a Virtual Server on the F5 to be used as a router to look at the traffic, any sourced from this server going to port 80, 8080, 443, 8443 hit the proxy server, and the rest of the traffic hit the normal FW/Gateway.
IS something like this possible on the F5, my guess is to setup a new VIP with an irule but i'm not sure of the specific syntax to get this working.
Any help would greatly be appreciated. Thanks, Ed
1 Reply
Amine_KadimiMVP
You can achieve this by using the "Forwarding (IP)" virtual server type. In the VS you can limit the accepted source to the server IP, and to limit the destination you can either create one VS per port or a unique VS and associate an iRule that will check for the destination port.
In this configuration the F5 will act like a router and will look at his routing table to determine the next hop (probably the default GW). In the iRule, You can explicitely specify a given IP as your next hop for your selected ports, and use the default GW for the other ports. See the nexthop command.
This is a pure routing approach. You can instead use a full proxy approach using as many "Standard" VS as your selected ports plus one catch all Forwarding (IP) VS to forward the rest of the traffic (or one VS + iRule for port filtering). In this approach you can leverage the standard VS advantages for your selected ports.
