Proxy iRule - Office 365 Bypass

Getting there...

Had to change the HTTP profile on the VS to http-explicit, but I have definitely progressed the solution. External DNS is working and the traffic I dont want to bypass the proxies still go via the Bluecoats.

The next hurdle I have is two issues:

1. SNAT Pool is not working, the client IP is making it past the F5 onto the external firewall with the original client IP. It needs to be SNATTed: EDIT: WORKS NOW. Moved the snatpool from bottom of IF statement to type and works for SNAT. Still have issue 2 to resolve.

2. Internally, we use a non standard port to tunnel traffic to the explicit proxy ( say port 98 ). The proxy just forwards port 89, instead of changing to 80 or 443.

Will continue myself to play around but interested in any suggestions.

when HTTP_PROXY_REQUEST {

set websitehost [string tolower [HTTP::host]]

if { [class match $websitehost equals O365_Websites] } {

    snatpool SNAT-O365-Outbound
    HTTP::proxy
    log local0.info "Proxy bypass hit for site: $websitehost"
    log local0.info "Port for $websitehost should be"

}
else {

    HTTP::proxy disable
    pool pool-Proxy201
}

}