Intelligent Proxy Steering - Office365
Problem this snippet solves:
Uses Microsoft Office 365 IP Intelligence - V0.2 to identify Office 365 traffic and steer it around explicit proxy servers.
How to use this snippet:
Refer to this Article: Intelligent Proxy Steering - Office365
Code :
###
### Name : office365_proxy_bypass_irule
### Author : Brett Smith @f5
### Date : 2018-02-25
###
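when RULE_INIT {
    # Static settings shared by every event in this iRule.

    ## Debug logging control
    # 0 = no logging, 1 = debug logging (Test/Dev only).
    # Kept off by default: with debugging on, proxy_log writes each request
    # line, Host and User-Agent header to local0 for every proxied request,
    # and request URIs may carry tokens or other sensitive query data.
    set static::office365_proxy_dbg 0

    ## SNAT pool settings
    # 0 = use virtual server settings, 1 = enable SNAT pool for O365 traffic
    set static::office365_snat 0
    set static::office365_snat_pool "office365_snat_pool"

    ## host_cache entry timeout and lifetime, in seconds (1 hour each)
    set static::office365_cache_timeout 3600
    set static::office365_cache_lifetime 3600
}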
# Write log_message to local0.info, but only while debug logging is enabled
# (static::office365_proxy_dbg evaluates to true).
proc proxy_log { log_message } {
    if { !$static::office365_proxy_dbg } {
        return
    }
    log local0.info $log_message
}
when CLIENT_ACCEPTED {
    # Debug trace of the client-side connection:
    # client address:port --> local address:port.
    call proxy_log [format "%s:%s --> %s:%s" \
        [IP::client_addr] [TCP::client_port] \
        [IP::local_addr] [TCP::local_port]]
}
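when HTTP_PROXY_REQUEST {
    # For each explicit-proxy request, decide whether the BIG-IP acts as the
    # forward proxy itself (host matches an Office 365 product) or hands the
    # request to the default pool members. Results are cached per host in the
    # host_cache subtable.
    call proxy_log "## HTTP Proxy Request ##"
    call proxy_log "[HTTP::method] [HTTP::uri] HTTP/[HTTP::version]"
    call proxy_log "Host: [HTTP::host]"
    call proxy_log "User-Agent: [HTTP::header User-Agent]"
    call proxy_log "Proxy-Connection: [HTTP::header Proxy-Connection]"

    # Strip off the port number and lower-case the name. Host names are
    # case-insensitive, so case variants of one name share a cache entry.
    # NOTE(review): splitting on ":" does not handle bracketed IPv6 literals.
    # NOTE(review): the decision is keyed on the client-supplied [HTTP::host];
    # confirm it is the same name the forward proxy resolves and connects to,
    # since matching requests skip the default pool members.
    set host [string tolower [lindex [split [HTTP::host] ":"] 0]]

    # Valid O365 product names (as per XML):
    # o365, LYO, Planner, Teams, ProPlus, OneNote, Yammer, EXO, Identity, EOP,
    # Office365Video, WAC, SPO, RCA, Sway, EX-Fed, OfficeMobile, CRLs, OfficeiPad
    #
    # Use 'any' to match all products.
    set o365_product "any"

    # Is the bypass result in the cache?
    # Returns 0 (send to default pool), 1 (bypass proxy pool) or "" (not in cache).
    set bypass [table lookup -subtable host_cache $host]

    if { $bypass eq "" } {
        # Host not in cache - ask the ILX extension.
        call proxy_log "$host not in cache - perform DB lookup"

        # On any ILX failure, return without making an HTTP::proxy decision
        # and without caching anything.
        if { [catch { set rpc_handle [ILX::init office365_ipi_plugin office365_ipi_extension] } ] } {
            log local0.error "Host - $host, ILX::init failure: The ILX Extension may have been terminated."
            return
        }
        if { [catch { ILX::call $rpc_handle checkProductURL $o365_product $host } bypass] } {
            log local0.error "Host - $host, ILX failure: $bypass"
            return
        }

        # A non-boolean answer would raise a Tcl error in the test below and,
        # if cached, be replayed for the whole cache lifetime. Handle it like
        # the other ILX failures.
        if { ![string is boolean -strict $bypass] } {
            log local0.error "Host - $host, ILX failure: unexpected result '$bypass'"
            return
        }

        # Cache the result.
        # NOTE(review): every distinct client-supplied host name adds an entry
        # until it expires; keep an eye on the size of host_cache.
        table set -subtable host_cache $host $bypass $static::office365_cache_timeout $static::office365_cache_lifetime
    } else {
        call proxy_log "$host found in cache"
    }

    call proxy_log "$host - bypass: $bypass"

    if { $bypass } {
        # The host matches an MS Office 365 domain: perform a DNS lookup and
        # act as the explicit forward proxy, bypassing the default pool members.
        HTTP::proxy enable

        # Use a SNAT pool?
        if { $static::office365_snat } {
            call proxy_log "Using SNAT pool $static::office365_snat_pool"
            # Fixed: the original read $static::static::office365_snat_pool,
            # a variable that RULE_INIT never sets.
            snatpool $static::office365_snat_pool
        }
    } else {
        # Reverse proxy the request unmodified to the default pool members.
        HTTP::proxy disable
    }
}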
when SERVER_CONNECTED {
    # Debug trace of the full path once the server side is up:
    # client address:port (local address:port) --> server address:port.
    call proxy_log [format "%s:%s (%s:%s) --> %s:%s" \
        [IP::client_addr] [TCP::client_port] \
        [IP::local_addr] [TCP::local_port] \
        [IP::server_addr] [TCP::server_port]]
}
Tested this on version:
13.0
Published Apr 20, 2018
Version 1.0
Smithy