In BIG-IP v11.5.1 and up, F5 supports altering connection parameters prior to handling an outgoing explicit proxy connection. This allows you to create either a proxy chain, or manipulate the outgoing request prior to name resolution. The following rule is an example of the latter feature.
The iRule below will allow you to catch unqualified ("shortname") host lookups and attach a domain name suffix of your choice prior to sending them for name resolution. This is typically not necessary, as most user-agents are configured to bypass the proxy for these types of hostnames (believing them to be local to the network rather than through the proxy); however, there may be scenarios where handling internal host connections via the proxy is necessary. The rule below will allow you to handle these connections.
Code :
when RULE_INIT {
# iRule to attach a default domain to a shortname HTTP proxy request
#
# Set the default domain to be appended to a shortname request before releasing it to name resolution.
# This should be prepended with a leading dot as in the example below.
set static::default_domain ".customer.com"
# Turn on debugging of shortname handling for troubleshooting (normally disabled => 0).
set static::shortname_debug 0
}
when HTTP_PROXY_REQUEST {
# Parse and save the original request URI
set orig_uri [HTTP::uri]
set orig_host [URI::host $orig_uri]
if { $orig_host equals "" } {
set orig_host [HTTP::host]
}
if { not [string match *\.* $orig_host] } {
set shortname_detected 1
} else {
set shortname_detected 0
}
# Rewrite the URI prior to submitting it for name resolution.
# We need to write it differently for CONNECT requests. All other requests share the same construction.
if { $shortname_detected } {
if { [URI::port $orig_uri] equals "80" } {
set orig_port ""
} else {
set orig_port [URI::port $orig_uri]
}
set orig_protocol [URI::protocol $orig_uri]
set orig_path [URI::path [HTTP::path]]
set orig_basename [URI::basename [HTTP::path]]
if { [HTTP::query] equals "" } {
set orig_query ""
} else {
set orig_query "?[HTTP::query]"
}
if { $static::shortname_debug } { log local0. "u: $orig_uri h: $orig_host p: $orig_port pr: $orig_protocol pa: $orig_path b: $orig_basename q: $orig_query" }
if { $static::shortname_debug } { log local0. "Shortname $orig_host detected." }
switch [string tolower [HTTP::method]] {
"connect" {
# Create the new host from the original shortname
set temp_port [getfield [HTTP::host] ":" 2]
set temp_host [getfield [HTTP::host] ":" 1]
set new_host "${temp_host}${static::default_domain}:${temp_port}"
if { $static::shortname_debug } { log local0. "Rewriting CONNECT to ${new_host}:${orig_port}. [HTTP::host]" }
HTTP::host "${new_host}:${orig_port}"
}
default {
# Create the new host from the original shortname
set new_host "${orig_host}${static::default_domain}"
if { $orig_port equals "" } {
if { $static::shortname_debug } { log local0. "Rewriting [HTTP::method] to ${orig_protocol}://${new_host}${orig_path}${orig_basename}${orig_query}." }
HTTP::uri "${orig_protocol}://${new_host}${orig_path}${orig_basename}${orig_query}"
} else {
if { $static::shortname_debug } { log local0. "Rewriting [HTTP::method] to ${orig_protocol}://${new_host}:${orig_port}${orig_path}${orig_basename}${orig_query}." }
HTTP::uri "${orig_protocol}://${new_host}:${orig_port}${orig_path}${orig_basename}${orig_query}"
}
}
}
}
unset -nocomplain orig_uri orig_port orig_query orig_protocol orig_path orig_basename temp_host temp_port shortname_detected
}
