Forum Discussion
Nimbostratuspac file i-rule with variable proxy?
Hi,
I found this article very interesting:
https://devcentral.f5.com/wiki/irules.Proxy_Pacfile_Hosting_without_need_for_Web_servers.ashx
however I'd like to do something slightly more complex with the pac file. How can I amend the i-rule such that it defines a different proxy dependant on the clients source IP?
For example users in CE might be on 1.1.1.x or 1.1.2.x and need to go to proxy 1.1.3.1. But users in India might be on 2.2.2.x or 2.2.3.x and need to go to proxy 2.2.2.1.
Is this possible within the same i-rule and what would be the basics of doing this?
thanks
A
6 Replies
PeteWhiteEmployee
I'm sure this would be pretty simple with a switch statement and the whereis function to show where the IP is located.
Some good examples in this article by Jason Rahm
andrew_deackes_thanks Pete but I don't think we can use the "whereis" query as we are talking about internal networks here, all on private address space. I need to be able to define my own set of subnets that should go to proxy 1, another set for proxy 2 and anything else defaults to proxy 3.
- PeteWhiteeven easier - create a datagroup containing the internal nets and use the class functions to check whether the client IP address is in the class. https://clouddocs.f5.com/api/irules/class.html
- andrew_deackes_
quick update, I've a test pac file configured on on LTM (DNS being resolved by GTM) with destination load balancing for external sites in the pac logic. After tracking down a misplaced } this is working fine.
Now just need to figure out subsituting different proxy names when the client is in different locations! :-(
- andrew_deackes_
ok, so thought I would achieve this with setting some datagroups to check for the source IP in the irule and then provide a different pac based on that. However, starting with the i-rule I was using I immediately ran into a problems, I tried setting the pac file contents like this:
when RULE_INIT {
set pacfile-india {}
set pacfile-tunis {
}
set pacfile {
} } when HTTP_REQUEST {
switch -glob [string tolower [HTTP::uri]] {
"/proxy.pac" {
if {[class match -value -- [IP::client_addr] equals india-pac]} { HTTP::respond 200 content $::pacfile-india "Content-Type" "application/x-ns-proxy-autoconfig" "pragma" "no-cache"} elseif {[class match -value -- [IP::client_addr] equals india-pac]} { HTTP::respond 200 content $::pacfile-tunis "Content-Type" "application/x-ns-proxy-autoconfig" "pragma" "no-cache"} else { HTTP::respond 200 content $::pacfile "Content-Type" "application/x-ns-proxy-autoconfig" "pragma" "no-cache"}}
}
}but it's simply not working! I'm sure I have something basic wrong but can't see it myself, any clues welcome!! Please! :-)
A
- andrew_deackes_
Success!!!! With datagroups defined and a little trial and error (didn't like a - in the pac file names) I can now server 3 pac files from one i-rule for 3 different regions:
when RULE_INIT {
set pacfileindia {}
set pacfiletunis {
}
set pacfile {
} } when HTTP_REQUEST {
switch -glob [string tolower [HTTP::uri]] {
"/proxy.pac" {
if {[class match [IP::client_addr] equals india-pac]} { HTTP::respond 200 content $::pacfileindia "Content-Type" "application/x-ns-proxy-autoconfig" "pragma" "no-cache"} elseif {[class match [IP::client_addr] equals tunis-pac]} { HTTP::respond 200 content $::pacfiletunis "Content-Type" "application/x-ns-proxy-autoconfig" "pragma" "no-cache"} else { HTTP::respond 200 content $::pacfile "Content-Type" "application/x-ns-proxy-autoconfig" "pragma" "no-cache"}}
}
}
