Proxy pacfile hosting without need for Webservers for v9, v10 and v11

Problem this snippet solves:

The following is an iRule that allows the F5 to serve a proxy pac file to a client without the need of hosting it on a web server or the proxy itself.

Simply create the iRule and attach it to a virtual server that listens on a specific port and has no pool.

Definition

What the heck is a pacfile? Well, it's a JavaScript file that defines how web browsers and other user agents automatically choose the appropriate proxy server (access method) for fetching a given URL. So you might have specific sites that go through a proxy and some sites that do not. The pac file can do this for you.

To read more about it, see the following links:

http://en.wikipedia.org/wiki/Proxy_auto-config
http://www.craigjconsulting.com/proxypac.html

Now back to the configuration...

How to use this snippet:

Example

VIP: 192.168.1.20:80 TCP
Domain: Proxypacfile.intranet.com --> 192.168.1.20

Just set your browser up to use the automatic configuration script:

http://proxypacfile.intranet.com/proxy.pac

You can also use other ports.

Example:

VIP: 192.168.1.21:9090 TCP
Domain: Proxypacfile2.intranet.com --> 192.168.1.21

Just set your browser up to use the automatic configuration script:

http://proxypacfile2.intranet.com:9090/proxy.pac

Code :

when RULE_INIT {
   # PAC script returned to clients. $::pacfile is a global variable, which works on v9.
   # On v10 and later a global demotes the virtual server from CMP, so static::pacfile
   # is the usual choice there.
   set pacfile {
      function FindProxyForURL(url, host) {

         if (isPlainHostName(host))
            return "DIRECT";

         if (shExpMatch(url, "http://10.*") ||
             shExpMatch(url, "https://10.*") ||
             shExpMatch(url, "ftp://10.*") ||
             shExpMatch(url, "http://localhost*") ||
             shExpMatch(url, "https://localhost*") ||
             shExpMatch(url, "http://127.0.0.1*") ||
             shExpMatch(url, "https://127.0.0.1*") ||
             shExpMatch(url, "http://172.*") ||
             shExpMatch(url, "https://172.*") ||
             shExpMatch(url, "ftp://172.*"))
            return "DIRECT";

         if (dnsDomainIs(host, ".extranet.com") ||
             dnsDomainIs(host, ".extranet2.com"))
            return "PROXY yourproxy.domain.com:8080";

         if (dnsDomainIs(host, ".intranet.com") ||
             dnsDomainIs(host, ".intranet2.com"))
            return "DIRECT";

         return "PROXY yourproxy.domain.com:8080";
      }
   }
}

when HTTP_REQUEST {
   # Only /proxy.pac (matched case-insensitively) is answered; there is no pool behind this virtual server.
   switch -glob [string tolower [HTTP::uri]] {
      "/proxy.pac" {
         HTTP::respond 200 content $::pacfile "Content-Type" "application/x-ns-proxy-autoconfig" "pragma" "no-cache"
      }
   }
}
Published Mar 18, 2015
Version 1.0
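
Added example, not part of the original snippet: `shExpMatch(url, "http://10.*")` and `shExpMatch(url, "http://172.*")` are globs on the URL string, so they also return DIRECT for hostnames that begin with `10.` and for public addresses such as 172.200.x.x, which then skip the proxy. The JavaScript below compares that test with a stricter literal-address check on constructed sample URLs; the `shExpMatch` stand-in and the names `originalBypass`, `isPrivateLiteral` and `compare` are assumptions made for illustration.

```javascript
// Stand-in for the browser's shExpMatch (assumption: plain shell-glob semantics).
function shExpMatch(str, pattern) {
  const re = pattern.replace(/[.+^${}()|[\]\\]/g, "\\$&")
                    .replace(/\*/g, ".*").replace(/\?/g, ".");
  return new RegExp("^" + re + "$").test(str);
}

// The snippet's private-address test, reduced to its http:// patterns.
function originalBypass(url) {
  return shExpMatch(url, "http://10.*") || shExpMatch(url, "http://172.*");
}

// Stricter check (hypothetical helper): only dotted-quad literals inside
// 10.0.0.0/8 or 172.16.0.0/12 count as internal. No DNS lookup is needed.
function isPrivateLiteral(host) {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(host);
  if (!m) return false; // hostnames never qualify
  const octets = m.slice(1).map(Number);
  if (octets.some((o) => o > 255)) return false;
  const [a, b] = octets;
  return a === 10 || (a === 172 && b >= 16 && b <= 31);
}

// Constructed sample input: [url, host] pairs as a browser would pass them.
const SAMPLES = [
  ["http://10.1.2.3/app", "10.1.2.3"],
  ["http://172.16.5.9/", "172.16.5.9"],
  ["http://172.200.1.1/", "172.200.1.1"],       // outside 172.16.0.0/12
  ["http://10.example.net/", "10.example.net"], // hostname starting with "10."
];

// Decision each check would produce for every sample.
function compare() {
  return SAMPLES.map(([url, host]) => ({
    url,
    original: originalBypass(url) ? "DIRECT" : "PROXY",
    tightened: isPrivateLiteral(host) ? "DIRECT" : "PROXY",
  }));
}

console.table(compare());
```

Inside a real PAC file the same literal test can replace the `shExpMatch` lines for the 10.x and 172.x ranges, since `FindProxyForURL` already receives `host` separately from `url`.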