For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

mart_58302's avatar
mart_58302
Icon for Nimbostratus rankNimbostratus
Sep 23, 2008

Destination based redirect irule, a'la cache.pac implementing?

Hello.       We are using F5 for proxy servers gateway, and everything works fine, but due routings in proxy's if the clients destination is local network, the proxy's can't connect t...
application delivery
dev
devops
iRules
hoolio's avatar
hoolio
Icon for Cirrostratus rankCirrostratus
Sep 26, 2008
If the destination IP address on the client request is what you're trying to evaluate, can you try this rule on the 0.0.0.0:80 VIP with no HTTP profile? 

 
 when CLIENT_ACCEPTED {  
    
     if { [matchclass [IP::local_addr] equals $::private_net] } {  
        log local0. "[IP::client_addr]:[TCP::client_port]: Request to [IP::local_addr]:[TCP::local_port] matched local addresses" 
        forward  
     } else {  
        log local0. "[IP::client_addr]:[TCP::client_port]: Request to [IP::local_addr]:[TCP::local_port] didn't match local addresses" 
        pool live-proxy-pool  
     }  
  }

Can you try testing a request to an internal IP and an external IP? If it doesn't work, check the /var/log/ltm log file for log statements from the rule. Make sure you have routing in place for the non-local addresses. A tcpdump might help in troubleshooting any issues.

Aaron