Forum Discussion

mikegray_198028
Feb 13, 2016

irule to connect external domains via webproxy

Hello,

 

Here I am searching for a solution to connect to a public domain (www.ventanillaunica.gob.mx) via a web proxy.

 

User/client (https://test.mydomain.com) => LTM VIP => Proxy pool => internet => https://www.ventanillaunica.gob.mx

 

The user initiates an HTTPS connection to the VIP, and we can add a web proxy server (HTTP/HTTPS) with anonymous access to this pool; the request should then go to the destination domain.

 

Can someone help me with this?

 

7 Replies

  • The destination domain is hosted on Amazon ELB, hence the IP keeps changing. We don't have the option to auto-populate pool members, and even if we auto-populate, a firewall change is also required. To avoid all this I want to redirect traffic via a proxy.
  • (/S1-green-P:Active)(/Common)(tmos.ltm) list virtual test_webpxy

    ltm virtual test_webpxy {
        destination 192.168.0.10:any
        ip-protocol tcp
        mask 255.255.255.0
        pool test_webpxy
        profiles {
            tcp { }
        }
        rules {
            test_webpxy
        }
        source 0.0.0.0/0
        source-address-translation {
            type automap
        }
        translate-port disabled
        vs-index 564
    }

    (/S1-green-P:Active)(/Common)(tmos.ltm) list pool test_webpxy

    ltm pool test_webpxy {
        members {
            webproxy.mydomain.com:webcache {
                address 192.168.0.65
                session monitor-enabled
                state up
            }
        }
        monitor tcp_half_open
    }

    (/S1-green-P:Active)(/Common)(tmos.ltm) list rule test_webpxy

    ltm rule test_webpxy {
        when CLIENT_ACCEPTED {
            # Hold the client's first bytes (the TLS ClientHello) until the proxy tunnel is up
            set bypass 0
            set bufferdata ""
            TCP::collect 0 0
        }
        when CLIENT_DATA {
            if { $bypass eq 1 } {
                # Tunnel is up: drop the copy already replayed to the proxy, pass the rest through
                TCP::payload replace 0 [string length $bufferdata] ""
                TCP::release
                return
            }
            set bufferdata [TCP::payload]
            TCP::collect
        }
        when SERVER_CONNECTED {
            # Ask the proxy (pool member) to open a tunnel to the destination
            serverside { TCP::respond "CONNECT www.ventanillaunica.gob.mx:443 HTTP/1.0\r\n\r\n" }
            TCP::collect
        }
        when SERVER_DATA {
            if { $bypass eq 1 } {
                TCP::release
                return
            }
            if { [TCP::payload] starts_with "HTTP/1.0 200 Connection established\r\n\r\n" } {
                # Strip the 39-byte proxy reply, replay the buffered ClientHello to the proxy, go transparent
                TCP::payload replace 0 39 ""
                TCP::respond $bufferdata
                TCP::release
                set bypass 1
            } else {
                # Anything other than the expected 200: tear the connection down
                TCP::close
            }
        }
    }
  • Is this a client with a web browser (IE, Firefox, Chrome, Safari, etc.) or is this for an application?

     

    -=Bhattman=-

     

  • Hi Mike,

     

    I've recycled some existing code of my SNI RDP Proxy project for you. Enjoy...

     

    when CLIENT_ACCEPTED {
        # Hold the client's first segment (the TLS ClientHello) until the tunnel is up
        TCP::collect
    }
    when CLIENT_DATA {
        # Stash the ClientHello and send the proxy a CONNECT in its place
        set tls_start [TCP::payload]
        TCP::payload replace 0 [TCP::payload length] "CONNECT www.ventanillaunica.gob.mx:443 HTTP/1.0\r\n\r\n"
        TCP::release
    }
    when SERVER_CONNECTED {
        # Intercept the proxy's reply to the CONNECT before it reaches the client
        TCP::collect
    }
    when SERVER_DATA {
        if { [TCP::payload] contains "Connection established" } then {
            # Drop the proxy's reply, replay the buffered ClientHello to the proxy, then pass through
            TCP::payload replace 0 [TCP::payload length] ""
            TCP::respond $tls_start
            unset -nocomplain tls_start
            TCP::release
        } else {
            # Proxy did not open the tunnel: reset the client connection
            reject
        }
    }

    Cheers, Kai
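The exchange both iRules in this thread perform is the HTTP CONNECT handshake: send "CONNECT host:443", wait for the proxy's 200, then replay the buffered TLS ClientHello. The first iRule recognises the reply only as the fixed 39-byte string "HTTP/1.0 200 Connection established\r\n\r\n", the second by the substring "Connection established" in whatever first segment arrives. Proxies also answer with HTTP/1.1, add headers such as Proxy-Agent, or split the reply across TCP segments, so a client should buffer until the blank line and decide on the status code. The following Python is an added example, not code from the thread or from F5; the host and proxy names are the ones from the thread, and the proxy itself is a constructed in-memory stand-in so the code runs offline.

```python
"""HTTP CONNECT handshake, parsed robustly (added example, not from the thread)."""
import re

HEADER_END = b"\r\n\r\n"
STATUS_LINE = re.compile(rb"^HTTP/1\.[01] (\d{3})(?: |\r\n)")


def build_connect_request(host, port):
    """Build the CONNECT request; HTTP/1.1 proxies require a Host header."""
    if not host or any(c in host for c in ":/\r\n "):
        raise ValueError("refusing host %r (CRLF/authority injection guard)" % host)
    if not 0 < port < 65536:
        raise ValueError("bad port %d" % port)
    return ("CONNECT %s:%d HTTP/1.1\r\nHost: %s:%d\r\n\r\n" % (host, port, host, port)).encode("ascii")


def parse_connect_response(buf):
    """Return (status, leftover) once the full header block has arrived, else None.

    `leftover` is everything after the blank line. For a 200 it is already
    end-to-end traffic (e.g. the first TLS record from the origin) and must be
    handed to the TLS layer untouched, never stripped by a fixed byte offset.
    """
    end = buf.find(HEADER_END)
    if end < 0:
        return None  # incomplete: caller keeps reading
    head = buf[:end + len(HEADER_END)]
    m = STATUS_LINE.match(head)
    if m is None:
        raise ValueError("not an HTTP status line: %r" % head[:32])
    return int(m.group(1)), buf[end + len(HEADER_END):]


def open_tunnel(recv, send, host, port):
    """Drive the CONNECT handshake over send/recv callables (socket.sendall /
    socket.recv, or the in-memory pair below). Returns the bytes that arrived
    after the proxy's header block; raises if the proxy refuses or hangs up."""
    send(build_connect_request(host, port))
    buf = b""
    while True:
        chunk = recv(4096)
        if not chunk:
            raise ConnectionError("proxy closed the connection during CONNECT")
        buf += chunk
        parsed = parse_connect_response(buf)
        if parsed is not None:
            status, leftover = parsed
            if status != 200:
                raise ConnectionError("proxy refused CONNECT with status %d" % status)
            return leftover


class FakeProxy:
    """Constructed stand-in for webproxy.mydomain.com: records what the client
    sent and answers with the given chunks, one per recv() call."""

    def __init__(self, reply_chunks):
        self.chunks = list(reply_chunks)
        self.received = b""

    def send(self, data):
        self.received += data

    def recv(self, n):
        return self.chunks.pop(0) if self.chunks else b""


def demo():
    """Reply split mid-word, HTTP/1.1, an extra header, then 5 bytes that belong
    to the tunnel (a constructed TLS record header). Returns
    (what the proxy received, bytes handed on to the TLS layer)."""
    proxy = FakeProxy([
        b"HTTP/1.1 200 Connection estab",
        b"lished\r\nProxy-Agent: constructed/1.0\r\n\r\n\x16\x03\x03\x00\x05",
    ])
    leftover = open_tunnel(proxy.recv, proxy.send, "www.ventanillaunica.gob.mx", 443)
    return proxy.received, leftover


if __name__ == "__main__":
    sent, leftover = demo()
    print(sent.decode("ascii"), leftover.hex())
```

The constructed reply in demo() is one the first iRule would TCP::close on (it is not HTTP/1.0) and the second would reject (the first segment does not yet contain "Connection established"); buffering to the blank line handles both, and the five trailing bytes reach the TLS layer instead of being discarded with the header.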