HTTP Connect Proxy_helper_for_ Citrix_ Xen APP_ Server
Problem this snippet solves:
The HTTP Connect Proxy Helper iRule identifies whether a client is a PN Agent. If so, the connection is handled differently than normal Web Interface users. Among other things, the authentication credentials are received via headers and need to be passed through. This is also correlated with the APM session information.
This iRule is part of the F5 Deployment Guide "Deploying the BIG-IP APM Secure Proxy with Citrix XenAPP" which can be found in Resources section of f5.com
Please see the deployment guide for full instructions on how to install, use and configure this iRule.
Code :
# switch off SSL if this is HTTP CONNECT request when CLIENT_ACCEPTED { TCP::collect 7 } when CLIENT_DATA { if { [TCP::payload 7] equals "CONNECT" } { SSL::disable } TCP::release } when HTTP_REQUEST { if { [HTTP::method] equals "CONNECT" } { # IP:port of the citrix server is passed in proxy password set authstr [HTTP::header Proxy-Authorization] # extract the base64 username:pass set authstr [lindex [ split $authstr " " ] 1 ] # b64 decode it set authstr [b64decode $authstr] # extract password set authstr [ lindex [ split $authstr ":" ] 1 ] set ipport [split $authstr "-" ] set ip [ lindex $ipport 0 ] set port [ lindex $ipport 1 ] if { [matchclass CitrixAppServers equals "$ip-$port"] ne 0 } { } else { log local0. "Invalid IP and Port $ip-$port in CONNECT from IP [IP::client_addr]" reject return } node $ip $port TCP::respond "HTTP/1.0 200 Connection established\r\n\r\n" HTTP::disable discard SSL::enable SSL::collect TCP::collect 7 } } when CLIENTSSL_DATA { binary scan [SSL::payload] c socksver if { $socksver != 5 } { SSL::release return } SSL::payload replace 0 [SSL::payload length] {} if { [info exists socks_connect] } { SSL::respond [binary format H2H2H2H2H2H2H2H2H2H2 05 00 00 01 00 00 00 00 00 00] SSL::release } else { set socks_connect {} SSL::respond [binary format H2H2 05 00] SSL::collect } }
Published Mar 18, 2015
Version 1.0Joe_Jordan
Ret. Employee
Joined November 15, 2004
Joe_Jordan
Ret. Employee
Joined November 15, 2004
No CommentsBe the first to comment