HTTP Forward Proxy using hosts
Hello,
I have an ASM + SSL Forwarding Proxy license where part of the task is to configure the F5 as a forward proxy for "internal" and external websites.
I have configured the F5 as a forwarding proxy by using the iApp, and it works properly with external websites/domains (such as google, ...) but not with internal websites.
This works because I have a DNS resolver assigned to the HTTP profile that contacts the DNS to resolve the host header. Due to some constraint, the DNS does not resolve internal websites such as x.mydomain.com. (Note: I cannot change the customer's DNS behavior.)
Steps that did not help:
1- Adding the internal domains to the hosts file on the F5 "as local DNS" did not help.
2- Adding mydomain.com as a forwarding zone in the DNS resolver and pointing it to loopback threw an error that loopbacks are not allowed.
3- Adding an iRule to direct traffic to a pool (the internal website):
    when HTTP_PROXY_REQUEST {
        switch [string tolower [HTTP::host]] {
            "x.mydomain.com" {
                pool poolx
                snat snatx
            }
        }
    }
So basically, I need to find a way to force the F5 to use its own local DNS first for internal domains (internal websites), using the HTTP Proxy mode profile.
Thank you in advance for your assistance.
Regards, George
Hi,
Why not add a forwarding zone for those domains and resolve to internal DNS servers by filling in the nameservers for those Forward Zones?
Regards
Yann
- Stanislas_Piro2 (Cumulonimbus)
Look at this code
Change line 94 to:
} elseif {[set pool_members [ class match -value -- $QNAME equals InternalDNS]] equals ""} {
Create a datagroup InternalDNS with values:
x.mydomain.com:=1.2.3.4
y.mydomain.com:=2.3.4.5
Create a virtual server listening on UDP port 53 with this iRule.
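One way to serve the InternalDNS data group from a UDP port 53 virtual server, as an added example that is not part of the thread and is not the code the post above links to. It assumes the virtual server has a DNS profile attached (so the DNS:: iRule commands are available) and that names not in the data group should follow the virtual server's normal handling, such as a pool of upstream resolvers; the TTL of 60 is a constructed value.

```tcl
# Added example (not from the thread).
# Assumptions: UDP/53 virtual server with a DNS profile; string data group
# InternalDNS with records such as x.mydomain.com := 1.2.3.4.
when DNS_REQUEST {
    # Only A queries are answered locally; every other query type is left
    # to the virtual server's normal handling.
    if { [DNS::question type] ne "A" } {
        return
    }

    # Normalise the query name: lower-case, no trailing dot, so it matches
    # the data group keys exactly.
    set qname [string trimright [string tolower [DNS::question name]] "."]

    # Exact-match lookup; returns an empty string for non-internal names.
    set addr [class match -value -- $qname equals InternalDNS]
    if { $addr eq "" } {
        return
    }

    # Build the A record from the data group value, add it to the answer
    # section, and reply directly without sending the query upstream.
    DNS::answer insert "$qname. 60 [DNS::question class] A $addr"
    DNS::return
}
```

The forward proxy's DNS resolver can then use this listener as the nameserver for a mydomain.com forward zone. Because the listener hands out internal addresses, limit which source addresses can reach it to the resolver itself.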