Hi Mark,
I don't have an answer to your question.
I'll just show you an alternative iRule which can be an example of how to handle the CONNECT method. (It is not well-written, btw)
- the part that handles the CONNECT method is in CLIENT_DATA (you need to have TCP::collect in CLIENT_ACCEPTED so CLIENT_DATA can be fired)
- the idea is to detect if it starts with the word "CONNECT", then resolve the IP, then HTTP::disable
A few things to note:
- this iRule does not contain any error handling (it needs extra work)
- I have this running with pre-v11 and never tested it with older versions (sorry)
- this iRule uses the new RESOLV::lookup command in v10. You might have to port this to use NAME::lookup if you want to stay on v9
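when CLIENT_ACCEPTED {
    snat automap
    # Collect the first bytes so CLIENT_DATA fires before HTTP parsing
    TCP::collect
}

when CLIENT_DATA {
    if { [TCP::payload] starts_with "CONNECT" } {
        # Request line: CONNECT host:port HTTP/1.x
        set uri [getfield [TCP::payload] " " 2]
        set host [getfield $uri ":" 1]
        set port [getfield $uri ":" 2]
        # IP::addr raises an error if $host is not an IP address; resolve it then
        if { [catch {IP::addr $host mask 255.255.255.255} ] } {
            # @1.2.3.4 is the DNS server to query
            set ips [RESOLV::lookup @1.2.3.4 -a $host]
            set host [lindex $ips 0]
        }
        log local0.alert "[IP::client_addr] CONNECT: node $host $port"
        log local0.alert "[IP::client_addr] PAYLOAD: [TCP::payload]"
        node $host $port
        # From here on the connection is an opaque tunnel, not HTTP
        HTTP::disable
        TCP::respond "HTTP/1.0 200 Connection Established\r\n\r\n"
        # Drop the CONNECT request so it is not forwarded to the node
        TCP::payload replace 0 [TCP::payload length] ""
    }
    TCP::release
}

when HTTP_REQUEST {
    set method [HTTP::method]
    # Proxy-style requests carry an absolute URI: http://host[:port]/path?query
    set host [URI::host [HTTP::uri]]
    set port [URI::port [HTTP::uri]]
    # Initialise path so it is defined even when the regexp does not match
    set path ""
    regexp {http://[^/]+(/[^?]*)?.*} [HTTP::uri] match path
    if { $path eq "" } { set path "/" }
    set query [URI::query [HTTP::uri]]
    if { $port eq "" } { set port 80 }
    log local0.alert "$method [HTTP::uri] => $host"
    # IP::addr raises an error if $host is not an IP address; resolve it then
    if { [catch {IP::addr $host mask 255.255.255.255} ] } {
        set ips [RESOLV::lookup @1.2.3.4 -a $host]
        set host [lindex $ips 0]
    }
    if { $host eq "" } {
        log local0.alert "unknown host"
        reject
        HTTP::respond 200 content "unknown host [HTTP::host]"
        return
    }
    # Rewrite the absolute URI to origin form before sending it to the node
    if { $query eq "" } {
        HTTP::uri "${path}"
    } else {
        HTTP::uri "${path}?${query}"
    }
    log local0.alert "node $host $port uri=[HTTP::uri]"
    node $host $port
}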
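
Added example, not part of the original post: a stricter parse of the CONNECT request line, as one piece of the error handling the post says is missing. Splitting on ":" as above yields host "[2001" for a bracketed IPv6 target and an empty port when none is given. This is plain Tcl for tclsh, not an iRule; the proc name parse_connect and the sample inputs are made up for illustration.

```tcl
# Added example (not from the original post). Plain Tcl, no iRule commands.
# parse_connect is a hypothetical helper: returns {host port} or raises an error.
proc parse_connect {payload} {
    # Require the complete request line before parsing anything.
    set eol [string first "\r\n" $payload]
    if { $eol < 0 } { error "incomplete request line" }
    set line [string range $payload 0 [expr {$eol - 1}]]

    # Exactly: CONNECT <authority> HTTP/1.x
    if { ![regexp {^CONNECT ([^ ]+) HTTP/1\.[01]$} $line -> authority] } {
        error "malformed CONNECT request line"
    }

    # Authority is [v6-literal]:port or host:port; the port is mandatory.
    set v6  {^\[([0-9A-Fa-f:.]+)\]:([0-9]{1,5})$}
    set std {^([A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?):([0-9]{1,5})$}
    if { ![regexp $v6 $authority -> host port] &&
         ![regexp $std $authority -> host _ port] } {
        error "bad authority \"$authority\""
    }

    # scan reads the digits as decimal, so a leading zero is not treated as octal.
    scan $port %d port
    if { $port < 1 || $port > 65535 } { error "port out of range" }
    return [list $host $port]
}

# Constructed sample payloads: two valid, one without a port, one truncated.
foreach sample [list \
    "CONNECT example.com:443 HTTP/1.1\r\nHost: example.com:443\r\n\r\n" \
    "CONNECT \[2001:db8::1\]:8443 HTTP/1.1\r\n\r\n" \
    "CONNECT example.com HTTP/1.1\r\n\r\n" \
    "CONNECT example.com:443 HT" ] {
    if { [catch {parse_connect $sample} result] } {
        puts "refused: $result"
    } else {
        puts "host=[lindex $result 0] port=[lindex $result 1]"
    }
}
```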