Forum Discussion
Marvin_129795
Nimbostratus
NimbostratusForward explicit SSL proxy server
Dear all,
Trying to figure out why HTTPS traffic is not passing the forward proxy. I followed the following article, configured the HTTP and SSL profiles and the two virtual servers accepting HT...
APNimbostratus
NimbostratusHi Kevin,
What's the trick to forwarding the HTTP traffic out the back of the Explicit VIP? The SSL traffic traverses the tcp-forward tunnel to the wildcard VS where it can be managed. How would I forward everything else (in particular, HTTP) where I want (e.g. to another VS or gateway pool)?
I've tried using the HTTP_PROXY_REQUEST event and proxy disable to send it various places. I can successfully send it to another VS however what I really want to do is send it through a security device. The SSL Intercept iApp 1.0 does this for HTTPS via an ingress pool, however I can't get this working for HTTP?
Without a fancy iRule solution, I guess creating routes is the only way to get it where I want.
Any tips?
Marvin
Cirrocumulus
CirrocumulusKevin, I have a very specific issue that an internal client is trying to access an external webservice using the explicit forward proxy with a SOAPui client and it works just fine. Also usign a webbrowser it works great. However when they try to communicate using an IBM AIX MQ server they are unable to connect to the external HTTPS webservice.
What I have seen in the packet capture is that the client does not send SNI information and the server does not respond with a server hello. The level of encryption and cipher support is not a problem using TLS1.2. Almost sure that SNI support is the problem, so how am I able to inject the SNI information uing the forward proxy? How to deal with this issue when there are similar problems with different external webservices? To be able to alter this behavior I guess the SSL forward proxy license is required, correct?
Looking forward to your fast response. Thanks!