For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

DannyG_34437's avatar
DannyG_34437
Icon for Cirrus rankCirrus
Oct 16, 2013

LTM/APM as a web proxy

Hi, I need to setup a squid type proxy for very specific 80/443 traffic. Don't need any content filtering, just proxy out to the internet and handle return traffic. I currently have a LTM 4200 with APM that am using for another project. Is it possible to setup a web proxy environment on the LTM to do this?

 

Thoughts?

 

Thanks, Danny

 

design

7 Replies

  • Kevin_Stewart's avatar
    Kevin_Stewart
    Icon for Employee rankEmployee
    Oct 17, 2013

    Absolutely, and there are currently three options:

     

    • An HTTP forward proxy iRule:

    https://devcentral.f5.com/wiki/irules.HTTP-Forward-Proxy-v3-2.ashx

     

    • An HTTP forward proxy iApp:

    https://devcentral.f5.com/wiki/iApp.Generic-Forward-Proxy-with-Websense-Filtering-iApp.ashx

     

    • SSL Forward Proxy:

    http://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/ltm-implementations-11-3-0/14.html?sr=32555869

     

    I'd also add that these are forward proxy mechanisms, the typical Squid implementation. As for reverse proxy, the BIG-IP platform IS a reverse proxy, so no special configurations are required.

     

  • DannyG_34437's avatar
    DannyG_34437
    Icon for Cirrus rankCirrus
    Oct 17, 2013

    Kevin, many tanks for this... Will start my reading and testing... Am already using the LTM/APM as a reverse proxy and it works great! :)

     

    Thanks, dg

     

  • DannyG_34437's avatar
    DannyG_34437
    Icon for Cirrus rankCirrus
    Oct 18, 2013

    Kevin,

     

    Again, thanks for this, I used the iApp with great success!! :)

     

    Regards, Danny

     

  • DannyG_34437's avatar
    DannyG_34437
    Icon for Cirrus rankCirrus
    Oct 18, 2013

    Hmm... Looks like when I installed the iApp, a couple of my APM apps started having issues. Not sure, but how would I go about removing the iAPP? Thanks, Danny

     

  • Kevin_Stewart's avatar
    Kevin_Stewart
    Icon for Employee rankEmployee
    Oct 18, 2013

    In the management GUI, under iApp - Application Services, select the service created with the iApp template and click delete. Can you elaborate on the issues you saw?

     

  • DannyG_34437's avatar
    DannyG_34437
    Icon for Cirrus rankCirrus
    Oct 18, 2013

    What i have setup is a reverse proxy to a couple of sharepoint systems. I use a webtop to present a couple of buttons and that has been working just fine. After I installed the iAPP, the webtop continued to work, but the SP applications behind the webtop would fail with a "server unable to process request" or some such message. Not really sure what was failing, just lucky that I had not synced over the changes and was able to bring up the standby unit.. I did notice that the traffic group on the changed LTM was changed with added entries for the local proxy. Not sure what else might have changed, just comparing the configs at the moment.. Thoughts?

     

    Thanks, Danny

     

  • Kevin_Stewart's avatar
    Kevin_Stewart
    Icon for Employee rankEmployee
    Oct 18, 2013

    Depending on how you had it configured, the iApp-based forward proxy is explicit (you have to specify it in the browser proxy settings). At a minimum it configures an iRule, a DNS lookup source, and a VIP. How did you configure it?

     

Related Content