Forum Discussion
Mike_Rausch_628
Nimbostratus
NimbostratusProxy Pass
I was looking at an earlier entry about Proxy Pass and was wondering if it was what I needed to use.
I am having trouble with overseas clients not being able to connect to a socket server which is just a TCP connection over port 80. They cannot seem to pass through a proxy server with just the TCP call but they can pass through with an HTTP request. The previous entry I was referring to, stated that you could have a request come into the BIGIP as, for example, www.something.com and the BIGIP would change it to something.somethingelse.com.
Does this sound like something I would need to do and does anyone know of a rule that could do it since the Proxy Pass rule that I found is very long and I am not sure what all that it does or if I need to have all of that functionality for one virtual server.
Thanks
Mike
- Hi Mike -
Definitely you can use an iRule to change the Host header for an HTTP request, but that doesn't sound quite like what you need.
Are you saying that they are using port 80 for non-HTTP connections, and the proxy is blocking transactions because they aren't HTTP requests?
/deb 
Kirk_Bauer_1018It sounds like you have non-HTTP traffic traversing over port 80 and certain proxy servers not in your control will not allow the traffic to pass? There is nothing the BIG-IP can do to help this. You probably need to encapsulate the data in HTTP, not just use port 80.
Mike_Rausch_628DEB
Yes....we are using port 80 to make a TCP socket server connection for messaging and such but some of our users cannot get through their proxy unless it is an HTTP call. I was wondering if we could somehow have them send the request through an HTTP call then have the Bigip change it so the server sees it as a TCP:80 request.
The proxy pass rules sounded like it would do something like that but I wasnt sure.- Kirk_Bauer_1018Does the server expect the TCP socket to remain open or constantly open and close?
If the latter then if you changed the client to encapsulate it in HTTP then yes the BIG-IP could convert it, but realistically the better place to do this would be in your server code if you can change that. - Mike_Rausch_628It expects it to remain open during the users session
- Kirk_Bauer_1018Your choices, in order from best solution but most difficult to OK solution but easier are:
1) Rewrite client/server to use native HTTP, HTTPS, or XML over HTTP protocol.
2) Rewrite client/server to encode existing protocol within HTTP or HTTPS.
3) Leave your protocol alone, but use port 443, and make sure your client reads the proxy settings from IE or gets them from the user and uses a "CONNECT servername" call to the proxy to open the pipe up to your server. You then send non-HTTPS traffic through this pipe and hope nobody notices.
Option 3 will work in a lot of cases but some proxies or firewalls will figure it out and block the traffic and/or in some cases close the connection and your client would have to handle re-connection.
The BIG-IP can't help with any of this, unfortunately.
