Forum Discussion

Nimbostratus

Sep 23, 2008

Destination based redirect irule, a'la cache.pac implementing?

Hello. We are using F5 for proxy servers gateway, and everything works fine, but due routings in proxy's if the clients destination is local network, the proxy's can't connect t...

Cirrostratus

Oct 01, 2008

You need to add a 'return' after the forward command to prevent the rest of the rule from running for requests with a local IP in the host header. Can test with this version and some additional logging?

 
 when HTTP_REQUEST {    
  
    log local0. "[IP::client_addr]:[TCP::client_port]: [IP::local_addr]:[TCP::local_port] [HTTP::host][HTTP::uri]" 
    if {[scan [HTTP::host] { % [ 0 - 9 : ] }]  eq [HTTP::host]}{   
  
       log local0. "[IP::client_addr]:[TCP::client_port]: Host header was numeric" 
  
       if {[matchclass [getfield [HTTP::host] ":" 1] eq ::private_net]}{        
  
          log local0. "[IP::client_addr]:[TCP::client_port]: Host was an internal IP. Forwarding and exiting rule event" 
          forward 
          return 
       }    
    } 
    log local0. "[IP::client_addr]:[TCP::client_port]: Host header wasn't numeric and a local IP address. Using proxy pool." 
    pool live-proxy-pool    
 }

Make sure to remove all of the spaces in the scan command: { % [ 0 - 9 : ] }

Aaron

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)