HTTP Explicit Proxy - V11.5+
Problem this snippet solves:
This iApp configures an Explicit Proxy using the new "Explicit" Proxy Mode that was introduced into the HTTP Profile in BIG-IP 11.5.
You only need LTM or APM provisioned.
It creates all configuration components required including:
- DNS Resolvers
- TCP Tunnel
- HTTP Profile (Explicit)
- Default Connect Handling set to Allow
- SNAT Pools (Optional)
- SNAT Default is Automap
If you require the Explicit Proxy to listen on more than one port, e.g. 3128 and 8080, simply create another Application Service.
Contributed by: Brett Smith
How to use this snippet:
- viktor_kloezerNimbostratus
Hi Brett, the link seems to be not valid anymore. Can you please provide a new one? Thanks a lot!
- NVSmithersNimbostratus
Is this designed to work with version 13.1.1? I can't seem to get it to work to save my life.
- s3nthil_183015Nimbostratus
Thanks for sharing. This works well.
- Leo_S_356957Nimbostratus
Hello,
I am trying to automate creation of this iapp. So far I have got the following variables and tables:
tmsh create sys application service Proxy { template f5.explicit_proxy tables add { tmsh show /sys serviceresolver__rootresolvers { column-names { ip } rows { { row { 8.8.8.8 } } } } proxy__client_vlan { column-names { vlans } rows { { row { internal } } } } } variables add { proxy__explicit__ip { value 10.51.126.5 } proxy__name { value Proxy } proxy__explicit__port { value 3128 } resolver__intresolvers { value /default } proxy__snatpool { value /default } } }
and I am getting an error:
Syntax Error: incomplete command
Can anyone help get this working?
Many Thanks
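A structural check for the command posted in the comment above, as an added example that is not part of the thread or of the iApp. It assumes that every entry inside `tables add { ... }` and `variables add { ... }` has the form `name { ... }`; the helper names `parse` and `lint` are hypothetical, and the check does not verify table or variable names against the template.

```python
import re

# The command exactly as posted in the comment above.
POSTED = (
    "tmsh create sys application service Proxy { template f5.explicit_proxy "
    "tables add { tmsh show /sys serviceresolver__rootresolvers { "
    "column-names { ip } rows { { row { 8.8.8.8 } } } } "
    "proxy__client_vlan { column-names { vlans } rows { { row { internal } } } } } "
    "variables add { proxy__explicit__ip { value 10.51.126.5 } "
    "proxy__name { value Proxy } proxy__explicit__port { value 3128 } "
    "resolver__intresolvers { value /default } proxy__snatpool { value /default } } }"
)

def parse(tokens):
    """Nest a flat token list: every { ... } block becomes a Python list."""
    root = cur = []
    stack = []
    for tok in tokens:
        if tok == "{":
            stack.append(cur)
            cur.append([])
            cur = cur[-1]
        elif tok == "}":
            if not stack:
                raise ValueError("'}' without matching '{'")
            cur = stack.pop()
        else:
            cur.append(tok)
    if stack:
        raise ValueError("%d unclosed '{'" % len(stack))
    return root

def lint(command):
    """Report tokens in 'tables add'/'variables add' that are not 'name { ... }'."""
    tree = parse(re.findall(r"[{}]|[^\s{}]+", command))
    body = next((n for n in tree if isinstance(n, list)), [])
    problems = []
    for i, node in enumerate(body[:-2]):
        section = body[i + 2]
        if node in ("tables", "variables") and body[i + 1] == "add" and isinstance(section, list):
            for j, item in enumerate(section):
                follows = section[j + 1] if j + 1 < len(section) else None
                if isinstance(item, str) and not isinstance(follows, list):
                    problems.append("%s: stray token %r" % (node, item))
    return problems

if __name__ == "__main__":
    for p in lint(POSTED):
        print(p)
```

The braces in the posted command balance; the check flags only the words `tmsh show /sys`, which sit where a table name is expected. Whether the remaining table and variable names match the template still has to be checked against the template itself.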
- Tosin_OmojolaAltostratus
This was working before, but now it just stopped working. The proxy no longer responds to requests.
- dihris_116090Nimbostratus
Great work! I managed to deploy successfully explicit proxy for HTTP/HTTPS calls.
Brett, is there a way to control server side encryption separate from the client side without using SSL Forward Proxy features? The problem I'm trying to solve is that I have dev machines supporting clear text only that need to reach resources on the internet that support tls1.2 only. dev machine >> (clear text) >> vIP (LTM Explicit Proxy) >> (encrypted - TLS1.2) Internet Resources
I've tried different ways of using server/client ssl profiles without success. Before going with "tunnel" vIP and SSL Forward Proxy I wanted to see if there is any other way around as from what I read this solution would require additional license.
- willermanNimbostratus
Great iApp!! Works like a charm for HTTP and HTTPS :) Can this somehow be adapted to FTP(S), SFTP and SOCKS?
Cheers
- SmithyCirrostratus
Hi Eric,
It supports Auth on the Client side. It doesn't support Proxy Chaining - this feature is due to release in BIG-IP 13.0
- SmithyCirrostratus
Hi Jos,
 
You can filter URLs, I would recommend the SWG iApp: https://devcentral.f5.com/s/articles/f5-secure-web-gateway-iapp-template
 
It doesn't require a SWG license in 12.1+ and you can create your own custom categories.
 
Great work, thanks.