epaalx
Sep 16, 2011 Cirrus
Wishing to use F5 LTM as HTTP NAT
I have a requirement to bypass normal security measures for servers seeking license and/or updates.
Below is the simplified version of the network.
As per security requirements, Router R1 will only forward traffic to destinations matching predefined F5's Virtual Server address space - all other traffic will be dropped.
My idea is to ask Server owners to insert a cookie into HTTP Request specifying real destination IP but send traffic to VS on Border F5. Ideally, Border F5 VS's iRule would then retrieve that cookie, overwriting HTTP/1.1's HOST header and forward packets to that real destination.
My issue is - as far as I know, VS's iRule can only select from existing pools composed of static members which I can't possibly know before the HTTP Request arrives - I can't create a pool dynamically (although, I am not sure how LB::select actually works). Any ideas?
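
One way to build the cookie-driven forwarding described in the post, as an added example that is not part of the original post: the iRule `node` command sends a request to an address that is not a pool member, and data groups restrict both who may use the virtual server and where it may forward. The cookie name `X-Real-Dest`, the data group names `license_clients` and `license_destinations`, and port 80 are assumptions.

```tcl
# Added example, not from the original post.
# Assumed names: cookie "X-Real-Dest"; data group "license_clients" (address type)
# lists the internal servers; data group "license_destinations" (string type)
# lists the approved license/update server IPs.
when HTTP_REQUEST {
    # Only the known internal servers may use this virtual server.
    if { ![class match [IP::client_addr] equals license_clients] } {
        reject
        return
    }

    # Real destination IP supplied by the server owner in a cookie.
    set dest [HTTP::cookie value "X-Real-Dest"]

    # Forward only to destinations present in the data group. Without this
    # check any client-chosen address would be reachable through the VS.
    if { $dest eq "" || ![class match $dest equals license_destinations] } {
        log local0.warning "HTTP NAT denied: client=[IP::client_addr] dest='$dest'"
        HTTP::respond 403 content "Destination not permitted" "Connection" "close"
        return
    }

    # Strip the routing cookie so it is not sent to the external site,
    # overwrite Host as the post describes, then pick the server directly.
    HTTP::cookie remove "X-Real-Dest"
    HTTP::header replace "Host" $dest
    node $dest 80
}
```

Because `node` bypasses pool selection, the virtual server needs no pool for this traffic; it does need SNAT or a return route so replies from the destination come back through the Border F5.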