Virtual_to_enable_proxy-unaware_applications_to_make_outbound_TCP_connections_via_a_HTTP_CONNECT_method

Problem this snippet solves:

In an enterprise environment, direct internet connectivity is often not be supported, but nonetheless there may be applications which do not support SOCKS or HTTP CONNECT proxy methods.

The iRule below will create a TCP virtual which will accept standard TCP connections, and forward them via an HTTP proxy using CONNECT.

The pool members associated with the virtual should be HTTP proxies (i.e. iMimic, Bluecoat, Ironport, etc)

The example will forward all inbound connections to the virtual to the endpoint "srp.na.blackberry.net" on port 3101 via HTTP proxies. If the connection to the destination does not succeed, it will terminate the client-side connection.

Code :

when SERVER_CONNECTED {
      set bypass 0
      serverside {TCP::respond "CONNECT srp.na.blackberry.net:3101 HTTP/1.0\r\n\r\n"}
      TCP::collect
 }
 when SERVER_DATA {
      if { $bypass eq 1 } {
              TCP::release
              return
      }
      if { [TCP::payload] starts_with "HTTP/1.1 200" } {
              TCP::payload replace 0 [TCP::payload length] ""
              TCP::release
              set bypass 1
      } else {
              TCP::close
      }

 }
Published Mar 18, 2015
Version 1.0
No CommentsBe the first to comment