Forum Discussion
Kai_Wilke
Dec 05, 2022 MVP
Hi SCRN,
If the Explicit Forward Proxy is already working for you, you could simply attach an iRule to the Virtual Server to filter your Client IP and Destination URLs.
when CLIENT_ACCEPTED {
    if { [class match -- [IP::client_addr] equals HTTP_PROXY_CLIENTS] == 1 } then {
        # Allow trusted clients...
        log local0.debug "Trusted Client = [IP::client_addr]"
    } else {
        # Drop untrusted clients...
        log local0.debug "Untrusted Client = [IP::client_addr]"
        drop
    }
}
when HTTP_PROXY_REQUEST {
    if { [class match -- [HTTP::host] equals HTTP_PROXY_ALLOW_LIST] == 1 } then {
        # Allow known URLs...
        log local0.debug "Allowed URL = [HTTP::host]"
    } else {
        # Reject unknown URLs...
        log local0.debug "Denied URL = [HTTP::host]"
        HTTP::respond 403 content "Access Denied" "Content-Type" "text/html"
        drop
    }
}
Note: Remove or adjust the Log lines as needed...
The iRule uses two Datagroups to specify the allowed Client-IPs and allowed destination IPs.
Note: You can enter individual Client IPs or Subnets as CIDR notation.
Note: You may enter www.domain.de:443 for SSL sites and/or www.domain.de for HTTP sites.
Cheers, Kai
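An added example, not part of Kai's post or F5's code: a small Python model of the two data-group checks, for testing allow-list contents offline before loading them. The data-group entries and addresses are constructed, the function names are hypothetical, and it assumes the proxied host is seen as `host:443` for SSL sites, as the note above describes.

```python
import ipaddress

# Constructed sample data-group contents (assumptions, not from the post).
HTTP_PROXY_CLIENTS = ["10.1.20.0/24", "192.0.2.15"]
HTTP_PROXY_ALLOW_LIST = ["www.domain.de", "www.domain.de:443"]


def client_allowed(client_ip, clients=HTTP_PROXY_CLIENTS):
    """Model of the CLIENT_ACCEPTED check: entries are single IPs or CIDR subnets."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in ipaddress.ip_network(e, strict=False) for e in clients)


def host_allowed(host, allow_list=HTTP_PROXY_ALLOW_LIST):
    """Model of the HTTP_PROXY_REQUEST check: 'equals' is an exact string match."""
    return host in allow_list


def decide(client_ip, host, clients=HTTP_PROXY_CLIENTS,
           allow_list=HTTP_PROXY_ALLOW_LIST):
    """Return the outcome the iRule would produce: 'drop', '403' or 'allow'."""
    if not client_allowed(client_ip, clients):
        return "drop"
    if not host_allowed(host, allow_list):
        return "403"
    return "allow"


def missing_variants(allow_list=HTTP_PROXY_ALLOW_LIST):
    """List the counterpart entries (bare host vs host:443) that are absent.

    Informational only: a site may be intentionally allowed for one scheme.
    """
    entries = set(allow_list)
    gaps = []
    for entry in sorted(entries):
        name, sep, port = entry.rpartition(":")
        if sep and port == "443" and name not in entries:
            gaps.append(name)                # SSL entry without plain HTTP entry
        elif not sep and entry + ":443" not in entries:
            gaps.append(entry + ":443")      # HTTP entry without SSL entry
    return gaps


if __name__ == "__main__":
    for ip, host in [("10.1.20.77", "www.domain.de:443"),
                     ("10.1.20.77", "www.domain.de:8443"),
                     ("203.0.113.9", "www.domain.de")]:
        print(ip, host, "->", decide(ip, host))
    print("missing:", missing_variants(["www.domain.de", "intranet.example:443"]))
```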