Transparent proxy from within an iRule
We have our user traffic transiting an LTM on its way to the Internet. A 'standard' virtual server is configured to capture all traffic (0.0.0.0/0 --> 0.0.0.0/0) on TCP port 80. That VS has the "http" http-profile, so that we can see/manipulate HTTP connections. An iRule is attached to the virtual server that redirects all HTTP traffic to our captive portal:
when HTTP_REQUEST {
HTTP::redirect "https://connect.example.com"
}
That all works fine. Our requirements are changing slightly, such that we need to allow some URLs through the box. I can't create a second virtual server (for instance, an IP Forwarding VS), as the precendence rules only allow a single VS to handle the traffic.
I've also tried configuring a transparent proxy, but no matter what combination of knobs & buttons I try, no traffic is observed on the external interface. I just get a connection reset.
What's the best way to accomplish this?
Thanks!
Norman