Forum Discussion

George_Dimitria
Dec 15, 2005

HTTP to proxy format in order to force the use of a proxy

One way to force the use of a proxy in order to connect to an HTTP server is to use it either as a reverse proxy or a transparent proxy.

Is it possible to use iRules on an HTTP virtual server in order to force the use of a pool of proxy servers without using the proxies in reverse proxy mode or transparent mode? That is, the Big-IP converts the request to proxy format and then back to HTTP, instead of the browser.

That is:

1. Client A connects to VS A (www.domain.com)
2. VS A contains an iRule which directs the request to a pool of proxies (POOL A).
3. Proxies try to access the same VS A
4. Big-IP directs access to VS A from POOL A to the pool of web servers (POOL B) and not to the pool of proxies as is the case with (2).
5. Big-IP directs responses from POOL B to POOL A of proxies
6. POOL A provides responses to Big-IP.
7. Big-IP responds to client A.

Can this be implemented? Any help would be appreciated.
  • Changing Code:

    http://devcentral.f5.com/Default.aspx?tabid=28&forumid=5&postid=5362&view=topic

    when HTTP_REQUEST {
        set caddr [IP::client_addr]
        set header_host [HTTP::host]
        if { $header_host ne "" } {
            if { "$caddr" eq "xxx.xxx.xxx.xxx" or "$caddr" eq "yyy.yyy.yyy.yyy" or "$caddr" eq "zzz.zzz.zzz.zzz" } {
                # request comes from proxy servers
                persist source_addr 180
                pool POOL_HTTP_SERVERS
            } else {
                # request comes from clients, redirect to proxy servers and rewrite URI
                set header_uri [HTTP::uri]
                # absolute-form URI (proxy format) built from the Host header
                HTTP::uri "http://$header_host$header_uri"
                HTTP::header remove "Connection"
                HTTP::header insert "Proxy-Connection" "Keep-Alive"
                persist source_addr 180
                pool POOL_HTTP_PROXIES
            }
        } else {
            # no Host header: the absolute URI cannot be built
            HTTP::respond 403 content "HTTP Error 403 - Forbidden"
        }
    }

    when HTTP_RESPONSE {
        set caddr [IP::client_addr]
        set location [HTTP::header "Location"]
        if { "$caddr" eq "xxx.xxx.xxx.xxx" or "$caddr" eq "yyy.yyy.yyy.yyy" or "$caddr" eq "zzz.zzz.zzz.zzz" } {
            # response from HTTP servers, nothing is needed
            return
        } else {
            # response to clients, Location has to be rewritten.
            if { $location eq "" } {
                # no Location header: do not let "replace" insert an empty one
                return
            }
            set loc_start ""
            if { $location starts_with "http://" } {
                set loc_start "http://"
            } elseif { $location starts_with "https://" } {
                set loc_start "https://"
            }
            # skip the scheme, then skip the host part up to the first "/"
            set loc_start_len [string length $loc_start]
            set loc_end [substr $location $loc_start_len]
            set loc_to_search [getfield $loc_end "/" 1]
            set loc_to_search_len [string length $loc_to_search]
            set loc_end [substr $loc_end $loc_to_search_len]
            set new_loc $loc_end
            HTTP::header replace "Location" $new_loc
            return
        }
    }


    Where xxx.xxx.xxx.xxx, yyy.yyy.yyy.yyy and zzz.zzz.zzz.zzz are the IPs of the proxy servers, to which the requests are redirected.

    Any comments are welcome...
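
Added example, not part of the original post and written in Python rather than iRule Tcl so it can be run offline: a model of the two rewrites the iRule above performs on client traffic. `strip_any_host` mirrors the posted Location logic, which drops the host from every absolute redirect; `strip_own_host` is a hypothetical variant introduced here that only rewrites redirects pointing at the virtual server's own host, and `sso.example.net` is a constructed hostname.

```python
from urllib.parse import urlsplit

def to_proxy_request(host, uri, headers):
    """Client branch of HTTP_REQUEST: origin-form URI -> absolute-form for the proxy pool."""
    if not host:
        return None  # the iRule answers 403 when the Host header is empty
    out = {k: v for k, v in headers.items() if k.lower() != "connection"}
    out["Proxy-Connection"] = "Keep-Alive"
    return f"http://{host}{uri}", out

def strip_any_host(location):
    """Model of the posted HTTP_RESPONSE branch: drop scheme and host unconditionally."""
    prefix = next((s for s in ("http://", "https://") if location.startswith(s)), "")
    rest = location[len(prefix):]
    # Equivalent of getfield/substr in the iRule: skip everything up to the first "/".
    return rest[len(rest.split("/", 1)[0]):]

def strip_own_host(location, vs_host):
    """Hypothetical variant: make the redirect relative only if it targets vs_host."""
    parts = urlsplit(location)
    if parts.scheme not in ("http", "https") or parts.hostname != vs_host.lower():
        return location  # relative, or pointing at another site: leave untouched
    rel = parts.path or "/"  # a bare "http://host" must not become an empty Location
    if parts.query:
        rel += "?" + parts.query
    if parts.fragment:
        rel += "#" + parts.fragment
    return rel

if __name__ == "__main__":
    # Constructed Location values; www.domain.com is the virtual server from the question.
    for loc in ("http://www.domain.com/login?x=1",
                "http://www.domain.com",
                "https://sso.example.net/auth",
                "/a/b"):
        print(repr(loc), "->", repr(strip_any_host(loc)),
              "|", repr(strip_own_host(loc, "www.domain.com")))
```

The third sample is the case to watch: the unconditional rewrite turns a redirect to another site into a path on the virtual server itself.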

     

     

  • Richard__Harlan
    Historic F5 Account
    The way we did this was to create two VIPs, one for the proxies and the other for the web servers. We pointed our DNS to the proxy VIP, and had the proxies loop back to the Big-IP to the other VIP and have them hit the web server. The main reason for this was we felt it was a little cleaner and allowed for a little easier troubleshooting from our standpoint. The one big thing with either of the setups is to make sure the proxies and the web servers are on different networks or you will run into problems.