Forum Discussion
Remco
Nov 03, 2011 (Nimbostratus)
Redirecting http request to external url via proxy
Hi,
we are using F5 load balancers for our Internet environment. There is now a requirement during customer login to download a trojan detection script at an external company. But for the cl...
Remco
Nov 07, 2011 (Nimbostratus)
I have managed to indeed get the CONNECT message towards the proxy and get the 200 OK reply indicating the proxy is in SSL transparent mode.
My next challenge is getting the F5 to start the SSL handshake with the target web server.
Our challenge is exactly a little bit more complicated than described in the last post. I will try to explain what we are trying to do.
For our main domain the F5 is set up to do SSL offloading, so the client SSL connection is terminated on the F5. An iRule is then used to load balance to different application pools based on the URI requested. For all normal pools no SSL is used.
One URI is used to download a JavaScript for trojan detection on the client PC, so the F5 should do the following tasks when the URI is matching in the HTTP_REQUEST event:
1. change the host to the URL of the external company providing the script (rewrite HTTP host header)
2. remove specific application session cookie (cookie remove)
3. send CONNECT message to proxy pool to tell proxy SSL session is coming up
4. start SSL handshake with external website.
5. reply of external website should be directed back to the original client requesting the URI.
I have been trying to use the suggested iRule in combination with the already configured HTTP_REQUEST event but no success yet.
In the SERVER_CONNECTED event I have disabled SSL (SSL::disable) to have the CONNECT message sent as normal TCP traffic. But the problem is that once the 200 OK has been received from the proxy, SSL should be enabled again and the HTTP request with the changed host should be sent to the proxy.
I am struggling to find the correct spot to enable SSL again.
In a tcpdump I did, it looks like the F5 is sending the rewritten HTTP request immediately after the CONNECT message, before the SSL handshake is started, causing the proxy to reply with a 400 Bad Request message.
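The ordering problem described in this post, as an added illustration in Python (not part of the original thread and not an iRule): the client side must hold everything back until the proxy's 200 arrives, and the first bytes it then sends must be a TLS ClientHello. The host name, the /detect.js path and `fake_proxy` are constructed assumptions; `fake_proxy` is a simplified stand-in for proxy plus target that answers 400 to plaintext inside the tunnel.

```python
import socket, ssl, threading

HOST = "scripts.example.net"  # placeholder for the external script host

def read_head(sock):
    """Read from sock until a complete HTTP header block has arrived."""
    buf = b""
    while b"\r\n\r\n" not in buf:
        chunk = sock.recv(4096)
        if not chunk:
            raise ConnectionError("peer closed before end of header")
        buf += chunk
    return buf

def client_hello(host):
    """Produce the first TLS flight in memory, so no real server is needed."""
    out = ssl.MemoryBIO()
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    tls = ctx.wrap_bio(ssl.MemoryBIO(), out, server_hostname=host)
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: the handshake is now waiting for a ServerHello
    return out.read()

def fake_proxy(conn, seen):
    """Constructed model: reply 200 to CONNECT, then classify the tunnel's first byte."""
    early = read_head(conn).partition(b"\r\n\r\n")[2]  # bytes sent before the 200
    conn.sendall(b"HTTP/1.1 200 Connection established\r\n\r\n")
    first = early or conn.recv(4096)
    seen["verdict"] = "tls" if first[:1] == b"\x16" else "400"  # 0x16 = TLS handshake
    if seen["verdict"] == "400":
        conn.sendall(b"HTTP/1.1 400 Bad Request\r\n\r\n")
    conn.close()

def run(wait_for_200):
    client, server = socket.socketpair()
    seen = {}
    proxy = threading.Thread(target=fake_proxy, args=(server, seen))
    proxy.start()
    connect = f"CONNECT {HOST}:443 HTTP/1.1\r\nHost: {HOST}:443\r\n\r\n".encode()
    request = f"GET /detect.js HTTP/1.1\r\nHost: {HOST}\r\n\r\n".encode()
    if wait_for_200:
        client.sendall(connect)
        if read_head(client).split()[1] != b"200":
            raise ConnectionError("proxy refused CONNECT")
        client.sendall(client_hello(HOST))  # the GET may follow only inside TLS
    else:
        client.sendall(connect + request)   # the order seen in the tcpdump
    proxy.join()
    client.close()
    return seen["verdict"]
```

`run(False)` reproduces the 400 from the tcpdump, while `run(True)` shows the tunnel receiving a handshake record first.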