CodeShare
Have some code. Share some code.
cancel
Showing results for 
Search instead for 
Did you mean: 
Smithy
Cirrostratus
Cirrostratus

Problem this snippet solves:

This iApp configures an Explicit Proxy using the new "Explicit" Proxy Mode that was introduced into the HTTP Profile in BIG-IP 11.5.

You only need LTM or APM provisioned.

It creates all configuration components required including:

  • DNS Resolvers
  • TCP Tunnel
  • HTTP Profile (Explicit)
  • Default Connect Handling set to Allow
  • SNAT Pools (Optional)
  • SNAT Default is Automap

If you require the Explicit Proxy to listen on more than 1 port e.g 3128 and 8080, simply just create another Application Service.

Contributed by: Brett Smith

How to use this snippet:


Comments
Payal_S
Legacy Employee
Legacy Employee
Thanks Brett, I am using this iApp - Really helpful.
Jos_Baanders_17
Nimbostratus
Nimbostratus
Thanks for sharing this, how best could we filter URL's, have a whitelist of permitted sites and block all others?
Eric_Marquez_25
Nimbostratus
Nimbostratus
Brett, does this support proxy auth. I'm doing some testing and I would like to use my Virtual F5 as a forwarding proxy with Auth. The auth can be a single username/pass. is it possible to get this added to it?
xunil321_122934
Nimbostratus
Nimbostratus

Eric, we are also interested in implementing some sort of user authentication.

 

Did you had success with your Auth?

 

Great work, thanks.

 

Smithy
Cirrostratus
Cirrostratus

Hi Jos,

 

You can filter URLs, I would recommend the SWG iApp: https://devcentral.f5.com/s/articles/f5-secure-web-gateway-iapp-template

 

It doesn't require a SWG license in 12.1+ and you can create your own custom categories.

 

Smithy
Cirrostratus
Cirrostratus

Hi Eric,

 

It supports Auth on the Client side. It doesn't support Proxy Chaining - this feature is due to release in BIG-IP 13.0

 

willerman
Nimbostratus
Nimbostratus

Great iApp!! Works like a charm for HTTP and HTTPS :) Can this somehow be adapted to FTP(S), SFTP and SOCKS?

 

Cheers

 

dihris_116090
Nimbostratus
Nimbostratus

Great work! I managed to deploy successfully explicit proxy for HTTP/HTTPS calls.

 

Brett, is there a way to control server side encryption separate from the client side without using SSL Forward Proxy features? The problem I'm trying to solve is that I have dev machines supporting clear text only than need to reach resources on the internet that support tls1.2 only. dev machine >> (clear text) >> vIP (LTM Explicit Proxy) >> (encrypted - TLS1.2) Internet Resources

 

I've tried different ways of using server/client ssl profiles without success. Before going with "tunnel" vIP and SSL Forward Proxy I wanted to see if there is any other way around as from what I read this solution would require additional license.

 

Tosin_Omojola
Altostratus
Altostratus

This was working before but now, it just stopped working. The proxy no longer responds to requests

 

Leo_S_356957
Nimbostratus
Nimbostratus

Hello,

I am trying to automate creation of this iapp. So far I have got the following variables and tables:

tmsh create sys application service Proxy { template f5.explicit_proxy tables add { tmsh show /sys serviceresolver__rootresolvers { column-names { ip } rows { { row { 8.8.8.8 } } } } proxy__client_vlan { column-names { vlans } rows { { row { internal } } } } } variables add { proxy__explicit__ip { value 10.51.126.5 } proxy__name { value Proxy } proxy__explicit__port { value 3128 } resolver__intresolvers { value /default } proxy__snatpool { value /default } } }

and I am geting an error:

Syntax Error: incomplete command

Can anyone help get this working?

Many Thanks

s3nthil_183015
Nimbostratus
Nimbostratus

Thanks for sharing. This works well.

 

NVSmithers
Nimbostratus
Nimbostratus

Is this designed to work with version 13.1.1? I cant seem to get it to work to save my life.

 

viktor_kloezer
Nimbostratus
Nimbostratus

Hi Brett, the link seems to be not valid anymore. Can you, please provide a new one? Thanks a lot!

Version history
Last update:
‎11-Mar-2015 14:37
Updated by:
Contributors