HTTP Proxy Encapsulator v10/v11
Problem this snippet solves:
Summary: Allows applications that have no way to be pointed at a proxy to use an HTTP proxy anyway.
Contribution
- Bhattman at gmail dot com (original version)
- michel.belleau at malaiwah dot com (updated version with fixes for more generic protocol support, i.e. protocols that do not wait for the server's answer to a request)
Use Case
BlackBerry Enterprise Server does not have proxy settings, but it still needs to access the BlackBerry BES system on the internet. It can instead simply be aimed at a particular IP address, either via a hostname or in the application itself. The IP address in this case is a :any VIP. The VIP runs the iRule below and has a pool containing a Squid, IronPort, Webtrends or Blue Coat proxy.
Please post questions or fixes for this iRule in the iRules forum to get the fastest response.
Code :
```tcl
# Tested on v10.2 version and up
when RULE_INIT {
    # Change to "1" to enable debugging log statements
    set static::proxydebug 0
}

when CLIENT_ACCEPTED {
    if { $static::proxydebug != 0 } { log local0. "Client connected" }
    # bypass becomes 1 once the proxy tunnel is established
    set bypass 0
    # client bytes that arrive before the tunnel is ready
    set bufferdata ""
    #0 to make sure the server-side connection is opened right away
    TCP::collect 0 0
}

when CLIENT_DATA {
    if { $static::proxydebug != 0 } { log local0. "CLIENT_DATA before is |[TCP::payload]|" }
    # accumulate until ready, release when connected
    if { $bypass eq 1 } {
        # drop the bytes already sent to the proxy from the buffer in SERVER_DATA
        TCP::payload replace 0 [string length $bufferdata] ""
        TCP::release
        return
    }
    set bufferdata [TCP::payload]
    TCP::collect
}

when SERVER_CONNECTED {
    # NOTE: the destination host before ":" is missing in this listing; CONNECT needs host:port
    serverside {TCP::respond "CONNECT :[TCP::local_port clientside] HTTP/1.0\r\n\r\n"}
    TCP::collect
}

when SERVER_DATA {
    if { $bypass eq 1 } {
        TCP::release
        return
    }
    if { $static::proxydebug != 0 } { log local0. "PAYLOAD before is |[TCP::payload]|" }
    # You might need HTTP/1.1 for your proxy, my version of squid was 1.0
    if { [TCP::payload] starts_with "HTTP/1.0 200 Connection established\r\n\r\n" } {
        # strip the 39-byte proxy reply so the client never sees it
        TCP::payload replace 0 39 ""
        if { $static::proxydebug != 0 } { log local0. "PAYLOAD after is |[TCP::payload]|" }
        TCP::respond $bufferdata
        TCP::release
        set bypass 1
    } else {
        TCP::close
    }
}
```
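The SERVER_DATA check above accepts only one exact reply string in the first collected payload; any other reply, including a success reply with HTTP/1.1, extra headers or one split across TCP segments, reaches TCP::close. The Python below is an added example, not part of the original iRule or written by its authors, that classifies a proxy's CONNECT reply more tolerantly (any 2xx status means the tunnel is open) and compares it with the iRule's test. The function names, the 8192-byte header cap and the sample replies are assumptions made for illustration.

```python
import re

MAX_HEADER_BYTES = 8192  # assumed cap on how much reply header to buffer
STATUS_LINE = re.compile(rb"HTTP/1\.[01] (\d{3})(?: [^\r\n]*)?")
IRULE_EXPECTED = b"HTTP/1.0 200 Connection established\r\n\r\n"  # string from the iRule


def irule_accepts(buf: bytes) -> bool:
    """The SERVER_DATA test as written in the iRule: exact prefix, else close."""
    return buf.startswith(IRULE_EXPECTED)


def parse_connect_reply(buf: bytes):
    """Classify the bytes collected from the proxy after CONNECT was sent.

    Returns (state, header_len, status):
      incomplete  - header terminator not seen yet, keep collecting
      established - 2xx reply: strip header_len bytes, relay the remainder
      refused     - any other status (e.g. 403, 407): close
      invalid     - not an HTTP/1.x reply, or header exceeds the cap
    """
    end = buf.find(b"\r\n\r\n")
    if end == -1:
        state = "invalid" if len(buf) > MAX_HEADER_BYTES else "incomplete"
        return (state, 0, None)
    if end + 4 > MAX_HEADER_BYTES:
        return ("invalid", 0, None)
    match = STATUS_LINE.fullmatch(buf[:end].split(b"\r\n", 1)[0])
    if match is None:
        return ("invalid", 0, None)
    status = int(match.group(1))
    state = "established" if 200 <= status < 300 else "refused"
    return (state, end + 4, status)


# Constructed sample replies, not captured from a real proxy.
SAMPLES = {
    "exact": IRULE_EXPECTED,
    "http11_headers": b"HTTP/1.1 200 OK\r\nVia: 1.1 proxy.example\r\n\r\n\x16\x03\x01",
    "split_segment": b"HTTP/1.0 200 Connection est",
    "auth_required": b"HTTP/1.1 407 Proxy Authentication Required\r\n\r\n",
}

if __name__ == "__main__":
    for name, reply in SAMPLES.items():
        print(name, irule_accepts(reply), parse_connect_reply(reply))
```

Only the `exact` sample passes the iRule's test; `http11_headers` is also a successful tunnel, and the bytes after its header already belong to the tunneled protocol and must be relayed to the client.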
Tested this on version:
10.2
- NiHo_202842 (Cirrostratus)
My CLIENT_DATA before shows just gibberish. Any ideas?
- Ernesto_Mayol_2 (Nimbostratus)
I have not had any luck getting this code to work. Could you share information on the following:
- Is this code only useful to proxy http traffic?
- If https can also be proxied with this irule, could you share any details on the configuration required on the Virtual Server where this irule will be associated?
Thanks