HTTP_ Connect_ Proxy_iRule

Problem this snippet solves:

This iRule identifies Secure Proxy connections and begins to process them. Once the user is authenticated, it sets APM session information and passes the user to the connect proxy virtual server you created

This iRule is part of the F5 Deployment Guide "Deploying the BIG-IP APM Secure Proxy with Citrix XenAPP" which can be found in Resources section of f5.com

Please see the deployment guide for full instructions on how to install, use and configure this iRule.

Code :

# switch off SSL if this is HTTP CONNECT request
when CLIENT_ACCEPTED {
TCP::collect 7
}
when CLIENT_DATA {
if { [TCP::payload 7] equals "CONNECT" } {
SSL::disable
}
TCP::release
}
# https proxy
when HTTP_REQUEST {
#log local0. "Method: [HTTP::method]"
if { [HTTP::method] equals "CONNECT" } {
set authstr [HTTP::header Proxy-Authorization]
# access policy session ID is passed in proxy username
if { [string length $authstr] == 0 } {
HTTP::respond 407 Proxy-Authenticate "Basic realm=\"123\""
return
}
# extract the base64 username:pass
set authstr [lindex [ split $authstr " " ] 1 ]
# b64 decode it
set authstr [b64decode $authstr]
# extract username
set authstr [ lindex [ split $authstr ":" ] 0 ]
# make sure session with this ID really exists
if { ![ACCESS::session exists $authstr] } {
HTTP::respond 407 Proxy-Authenticate "Basic realm=\"123\""
return
}
# disable access policy checks
ACCESS::disable
# forward to the 2nd virtual
use virtual citrix_connect_proxy
}
}