Apply a Policy to an SNAT list

Question

I have a SNAT list which translates outgoing traffic from a particular internal IP to a pool of external IPs. This is used for proxying to tax agency sites.

Recently we got dinged on a "security" audit because some of our scraping software uses a user-agent string for an old version of Chrome. The admin for the robots says this cannot be changed so I was told to find a way to fix it.

I first looked at using an irule but found a forum post recommending this is better done with a policy. I created a policy that replacing any user-agent header claiming to be chrome to the (mostly) latest and greatest value. However, I cannot see how to apply this policy to the pool of addresses.

Can this even be done? If so how?

samco · Accepted Answer

Hello,To apply such a policy to https traffic, clientssl and serverssl profile will be necessary, and also and http profile, as the policy is intended to modify the http traffic.If you have such a configuration, it seems there is even no way to set a condition matching selected pool. Then you should probably write an iRule for this, or&nbsp; find another matching solution (like source ip of the server hosting the scrapper maybe ?)Cheers,Sam

Forum Discussion

Apply a Policy to an SNAT list

1 Reply

Recent Discussions

Error when running bigip_command Playbook against LTM : Syntax Error: unexpected argument /bin/sh\n

Can iRule be used to perform exception of IPI category based on Geolocation

Can iRule mask the payload content on event logs of security

minimum tmos software version for connect CIS (openshift)

Chrome V 124+ on MacOS - Virtual Server Access Issue

Related Content

Auditing Security Policy Updates

Minimizing Security Complexity: Managing Distributed WAF Policies

Icontrol REST upload and apply policy- section "http-protocols" ignored?

How to use/apply an HTTP profile in an LTM policy

Applying APM on an iframe