cancel
Showing results for 
Search instead for 
Did you mean: 
Login & Join the DevCentral Connects Group to watch the Recorded LiveStream (May 12) on Basic iControl Security - show notes included.
Joe_Jordan
F5 Employee
F5 Employee

Problem this snippet solves:

This iRule identifies Secure Proxy connections and begins to process them. Once the user is authenticated, it sets APM session information and passes the user to the connect proxy virtual server you created

This iRule is part of the F5 Deployment Guide "Deploying the BIG-IP APM Secure Proxy with Citrix XenAPP" which can be found in Resources section of f5.com

Please see the deployment guide for full instructions on how to install, use and configure this iRule.

Code :

# switch off SSL if this is HTTP CONNECT request
when CLIENT_ACCEPTED {
TCP::collect 7
}
when CLIENT_DATA {
if { [TCP::payload 7] equals "CONNECT" } {
SSL::disable
}
TCP::release
}
# https proxy
when HTTP_REQUEST {
#log local0. "Method: [HTTP::method]"
if { [HTTP::method] equals "CONNECT" } {
set authstr [HTTP::header Proxy-Authorization]
# access policy session ID is passed in proxy username
if { [string length $authstr] == 0 } {
HTTP::respond 407 Proxy-Authenticate "Basic realm=\"123\""
return
}
# extract the base64 username:pass
set authstr [lindex [ split $authstr " " ] 1 ]
# b64 decode it
set authstr [b64decode $authstr]
# extract username
set authstr [ lindex [ split $authstr ":" ] 0 ]
# make sure session with this ID really exists
if { ![ACCESS::session exists $authstr] } {
HTTP::respond 407 Proxy-Authenticate "Basic realm=\"123\""
return
}
# disable access policy checks
ACCESS::disable
# forward to the 2nd virtual
use virtual citrix_connect_proxy
}
}
Version history
Last update:
‎17-Mar-2015 17:03
Updated by:
Contributors