Forum Discussion
LTM: Proxy Aware?
We use our LTMs to do SSL authentication via OCSP to various external OCSP responders (Verisign, Entrust, etc.). However, I have been tasked with moving our LTMs behind a proxy firewall and cannot find any documentation related to making the LTM proxy aware so that the HTTP traffic can be proxied out to the appropriate external OCSP responder. Does anyone know how to make the LTM proxy aware?
16 Replies
- The_Bhattman
Nimbostratus
There is an iRule in the Codeshare section that pretty much creates a Virtual Server HTTP proxy.
Here is a link to the code
https://devcentral.f5.com/wiki/iRules.HTTP-Forward-Proxy-v3-2.ashx
I hope this helps,
-=Bhattman=-
- lurchmat_56166
Nimbostratus
I cannot seem to get this to work.
I'm pointing my non-proxy-aware application at my virtual server with this iRule assigned to it. For example, I modified my hosts file to point www.yahoo.com to 192.168.1.10 (the virtual server). tcpdump confirms www.yahoo.com traffic goes to 192.168.1.10; however, what I get back is: "Error: Host not found. Please check the website address"
Any idea as to what I'm doing wrong?
- The_Bhattman
Nimbostratus
Hi Lurchmat, the script doesn't account for making an application proxy aware. It's more or less making the F5 behave more like a proxy itself, similar to Bluecoat, Ironport, Squid.
The following Codeshare could help:
https://devcentral.f5.com/wiki/iRules.HTTP-Proxy-Encapsulator-v10-v11.ashx
This particular iRule is applied to a VIP which has a pool set up directly at an existing proxy system. What it does is make the HTTP CONNECT call on behalf of the application that cannot.
I hope this helps
- lurchmat_56166
Nimbostratus
Thank you! I will try this tomorrow and let you know how it works out!
- lurchmat_56166
Nimbostratus
Are there any customizations that need to be done to this? I have set up this iRule and assigned it to a virtual server using the upstream proxy in its pool.
When I point my hosts file to it I get a reset in my browser. For example:
Hosts file (192.168.1.10 is my virtual server):
    192.168.1.10 www.yahoo.com
- lurchmat_56166
Nimbostratus
I set this up as shown above (also in the code example). I get nothing. I can see the SYN, SYN-ACK, ACK, then the CONNECT between the client and the LTM. And it shows that the script executed in the statistics; however, tcpdump between the proxy and LTM shows nothing. How does the LTM know where to forward the HTTP/HTTPS traffic? From the pool member?
That said, in the example above (nitass' post), I do not have the ability to enter the lines:
    source 0.0.0.0/0 source-address-translation { type automap }
I'm assuming you are running a different version than I? (I'm on version 11.1)
- nitass
Employee
"I'm assuming you are running a different version than I? (I'm on version 11.1)"
I am using 11.5.1 but I do not think it causes a difference.
- lurchmat_56166
Nimbostratus
This is the config I have:

-----list ltm virtual Firewall--------
modify virtual Firewall {
    destination 172.16.155.10:http
    ip-protocol tcp
    mask 255.255.255.255
    pool FirewallPool
    profiles replace-all-with {
        http { }
        tcp { }
    }
    rules { NON_Aware }
    snat automap
    translate-port disabled
    vlans-disabled
}

------list ltm pool FirewallPool-------
modify pool FirewallPool {
    members replace-all-with {
        FirewallPrimary:http {
            address 10.1.2.210
        }
    }
    monitor gateway_icmp
}

------list ltm rule non-aware-proxy------
when SERVER_CONNECTED {
    set bypass 0
    # Send the CONNECT preamble to the upstream proxy (target host is hard-coded here)
    serverside {TCP::respond "CONNECT www.cnn.com:[TCP::server_port] HTTP/1.0\r\n\r\n"}
    TCP::collect
}
when SERVER_DATA {
    # Once the tunnel is up, pass server data through untouched
    if { $bypass eq 1 } {
        TCP::release
        return
    }
    # Strip the proxy's "200" reply so the client never sees it; otherwise drop the connection
    if { [TCP::payload] starts_with "HTTP/1.1 200" } {
        TCP::payload replace 0 [TCP::payload length] ""
        TCP::release
        set bypass 1
    } else {
        TCP::close
    }
}
- nitass_89166
Noctilucent
If the website is HTTP, the HTTP Proxy Encapsulation iRule won't work because it does not use the CONNECT method.
For HTTP, can you try something like this?
when HTTP_REQUEST {
    HTTP::uri "http://[HTTP::host][HTTP::uri]"
}
- lurchmat_56166
Nimbostratus
I will try that...
- lurchmat_56166
Nimbostratus
That did the trick for HTTP!!!! I don't know if I need HTTPS yet, but I will post again if I cannot get the other iRule code to work. THANK YOU!!!!
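The two mechanisms the thread settles on, rewriting the request line to absolute-form for plain HTTP (nitass' HTTP_REQUEST rule) and sending a CONNECT preamble then checking the proxy's reply before releasing data for HTTPS (the encapsulating rule), as an added Python example that is not part of this thread or of any F5 code. It goes slightly beyond the posted iRule by waiting for a complete reply header and accepting any 2xx from an HTTP/1.0 or HTTP/1.1 proxy; the sample request and hostnames are constructed.

```python
import re

# Constructed sample: an origin-form request from a client that is not proxy aware.
SAMPLE_REQUEST = (
    b"GET /index.html HTTP/1.1\r\n"
    b"Host: www.yahoo.com\r\n"
    b"User-Agent: test\r\n\r\n"
)


def to_absolute_form(request: bytes) -> bytes:
    """Rewrite the request line to absolute-form, the equivalent of
    HTTP::uri "http://[HTTP::host][HTTP::uri]". An upstream explicit proxy
    needs this to know where to forward. Already-absolute requests pass through."""
    head, sep, body = request.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    method, target, version = lines[0].split(b" ", 2)
    if target.startswith((b"http://", b"https://")):
        return request
    host = None
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"host":
            host = value.strip()
            break
    if host is None:
        raise ValueError("Host header required to build an absolute URI")
    lines[0] = b" ".join([method, b"http://" + host + target, version])
    return b"\r\n".join(lines) + sep + body


def connect_preamble(host: str, port: int) -> bytes:
    """The tunnel request sent to the proxy before the client's TLS bytes."""
    return f"CONNECT {host}:{port} HTTP/1.0\r\n\r\n".encode()


_STATUS = re.compile(rb"^HTTP/1\.[01] (\d{3})")


def connect_established(proxy_reply: bytes):
    """Mirror the SERVER_DATA check. Returns (state, header_len):
    state True for a complete 2xx reply (tunnel up), False for a complete
    non-2xx reply (close the connection), None if more bytes are needed.
    header_len is how much to strip so the client never sees the proxy reply."""
    end = proxy_reply.find(b"\r\n\r\n")
    if end < 0:
        return None, 0
    m = _STATUS.match(proxy_reply)
    return bool(m) and m.group(1).startswith(b"2"), end + 4
```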