
Forum Discussion

lurchmat_56166
Jun 24, 2014

LTM: Proxy Aware?

We use our LTMs to do SSL authentication via OCSP to various external OCSP responders (Verisign, Entrust, etc.). However, I have been tasked with moving our LTMs behind a proxy firewall and cannot find any documentation related to making the LTM proxy-aware so that the HTTP traffic can be proxied out to the appropriate external OCSP responder. Does anyone know how to make the LTM proxy-aware?

16 Replies

  • If the website is HTTP, the HTTP Proxy Encapsulation iRule won't work because it does not use the CONNECT method.

    For HTTP, can you try something like this?

    when HTTP_REQUEST {
     HTTP::uri "http://[HTTP::host][HTTP::uri]"
    }
    
    • lurchmat_56166
      That did the trick for HTTP!!!! I don't know if I need HTTPS yet, but I will post again if I cannot get the other iRule code to work. THANK YOU !!!!!
  • UPDATE: modifying the following line:

    serverside {TCP::respond "CONNECT www.cnn.com:[TCP::server_port] HTTP/1.0\r\n\r\n"}

    I am actually able to see traffic leave the LTM and hit the proxy. The proxy shows that it's allowed, but I never get any data back from www.cnn.com. Any thoughts?
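
The two request shapes discussed in this thread, as an added Python example that is not code from any poster or from F5: the absolute-form rewrite that the `HTTP_REQUEST` iRule performs for plain HTTP, and the CONNECT exchange, where the proxy's own reply has to be read and stripped before tunnelled bytes flow. The host `ocsp.example.test`, the sample request and all function names are constructed for illustration.

```python
# Added example: wire-level view of talking to a forward proxy.
# SAMPLE_OCSP_POST is a constructed request; the body is placeholder bytes.
SAMPLE_OCSP_POST = (
    b"POST /ocsp HTTP/1.1\r\n"
    b"Host: ocsp.example.test\r\n"
    b"Content-Type: application/ocsp-request\r\n"
    b"Content-Length: 4\r\n\r\n"
    b"\x30\x02\x0a\x00"
)


def to_absolute_form(raw_request: bytes) -> bytes:
    """Rewrite 'POST /path' to 'POST http://host/path' using the Host header."""
    head, sep, body = raw_request.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    method, target, version = lines[0].split(b" ", 2)
    if target.startswith(b"/"):  # origin-form only; absolute-form is left alone
        host = next((l.split(b":", 1)[1].strip() for l in lines[1:]
                     if l.lower().startswith(b"host:")), None)
        if host is None:
            raise ValueError("no Host header to build the absolute URI from")
        lines[0] = b" ".join([method, b"http://" + host + target, version])
    return b"\r\n".join(lines) + sep + body


def connect_request(host: str, port: int) -> bytes:
    """Request a TCP tunnel through the proxy (used for HTTPS, not plain HTTP)."""
    authority = f"{host}:{port}"
    return f"CONNECT {authority} HTTP/1.1\r\nHost: {authority}\r\n\r\n".encode("ascii")


def split_connect_reply(buf: bytes):
    """Return (status, leftover) once the proxy's reply headers are complete.

    Returns None while the header block is still incomplete. 'leftover' is any
    tunnelled data that arrived after the blank line; the reply itself must not
    be passed on to the client.
    """
    head, sep, rest = buf.partition(b"\r\n\r\n")
    if not sep:
        return None
    parts = head.split(b"\r\n")[0].split(b" ", 2)
    if len(parts) < 2 or not parts[0].startswith(b"HTTP/") or not parts[1].isdigit():
        raise ValueError("malformed proxy status line")
    return int(parts[1]), rest


if __name__ == "__main__":
    print(to_absolute_form(SAMPLE_OCSP_POST).split(b"\r\n")[0].decode())
    print(split_connect_reply(b"HTTP/1.1 200 Connection established\r\n\r\n"))
```
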