cancel
Showing results for 
Search instead for 
Did you mean: 

Apply a Policy to an SNAT list

scarville
Nimbostratus
Nimbostratus

I have a SNAT list which translates outgoing traffic from a particular internal IP to a pool of external IPs. This is used for proxying to tax agency sites.

Recently we got dinged on a "security" audit because some of our scraping software uses a user-agent string for an old version of Chrome. The admin for the robots says this cannot be changed so I was told to find a way to fix it.

I first looked at using an irule but found a forum post recommending this is better done with a policy. I created a policy that replacing any user-agent header claiming to be chrome to the (mostly) latest and greatest value. However, I cannot see how to apply this policy to the pool of addresses.

Can this even be done? If so how?

1 ACCEPTED SOLUTION

SamCo
Cirrus
Cirrus

Hello,

To apply such a policy to https traffic, clientssl and serverssl profile will be necessary, and also and http profile, as the policy is intended to modify the http traffic.

If you have such a configuration, it seems there is even no way to set a condition matching selected pool. Then you should probably write an iRule for this, or  find another matching solution (like source ip of the server hosting the scrapper maybe ?)

Cheers,

Sam

View solution in original post

1 REPLY 1

SamCo
Cirrus
Cirrus

Hello,

To apply such a policy to https traffic, clientssl and serverssl profile will be necessary, and also and http profile, as the policy is intended to modify the http traffic.

If you have such a configuration, it seems there is even no way to set a condition matching selected pool. Then you should probably write an iRule for this, or  find another matching solution (like source ip of the server hosting the scrapper maybe ?)

Cheers,

Sam