Use F5 APM as Forward Proxy
Hello All,
I have one BIG-IP with APM license and I want to use it as a forward proxy.
I have used this iApp https://devcentral.f5.com/codeshare/apm-explicit-proxy and now I have:
- DNS Resolver
- Tunnel for traffic
- HTTP profile
- Virtual Server (Proxy) listening on 8080
Although this is configured, when I point to this proxy with my browser it doesn’t seem to work.
I suppose that now I have to create two more separate virtual servers listening on ports 80 and 443 for handling http and https traffic. Am I right?
The question is, once I have configured these two virtual servers, how can I forward traffic to the Internet?
If the VS hasn’t got pool members, does it check the routing table? Or do I have to create an iRule with something like this:
When HTTP::request { Forward }
When HTTP::response { Forward }
Also, I don’t want to inspect SSL traffic. I would like to use the proxy as a passthrough but only allow certain https sites. Do I need to inspect SSL traffic to filter by URLs?
Thanks in advance
I finally managed to solve my problem. I’m going to explain how, just in case somebody needs it.
First I used the iApp which:
- creates dns resolver
- creates tunnel with tcp-forward option
- creates http profile for explicit-proxy
- creates vs to be used as the proxy
After that I created a new VS listening on 0.0.0.0:443 and only enabled on the tunnel that was created by the iApp. This is a fast L4 forwarding proxy as I don’t want to inspect SSL traffic.
All the SNAT settings were set to Automap.