HTTP Explicit Proxy Explained in Plain English

Introduction If you've ever used the old Linux Squid proxy or F5's Secure Gateway solution, you might be familiar with the existence of HTTP Explicit Proxy. If all you're looking for is to configure...
Published May 11, 2020
Version 1.0
application delivery
BIG-IP
http
swg
dragonflymr's avatar
dragonflymr
Icon for Cirrostratus rankCirrostratus
May 12, 2020

Hi,

Nice recap, glad you reminded me about default-connect-handling. Just wonder if you can pass any ideas what this additional VS can be used for. In config like yours it's actually not doing anything useful (or I am wrong?) so adding it is just introducing (even if minimal) some latency.

My first guess is that it allows you to control what port can be used by client, so if someone will try 8443 it will be blocked - can't recall if I tested it but I Am pretty sure it will work like that. Or maybe it requires adding Reject type VS to the same tunnel?

Anyway, just to make it clear, if you do not care about stuff like that (or any other traffic mods) there is really no point in using deny setting for default-connect-handling - or there is?

Piotr