AN IRULE THAT INCLUDES ANOTHER PORT AS PART OF CONNECT METHOD PLUS 443
I'm using my LTM as transparent proxy for my users to get to the internet. How do i include a non-standard port in the CONNECT method list,apart from 443. This is the current irule, i want to include another port, say 5057 to the list. First check to see what method we're handling through the proxy. We need to process CONNECT a little differently than other HTTP proxy methods, and we need to discard requests that come through with unsupported methods. Coming out of this section will be: - $host : hostname or bare IP address requested - $port : port of the connection requested - $new_path : normalized URI with the proxy format stripped switch -- [HTTP::method] { "CONNECT" { set is_http 0 set is_https 0 set request_log_line "" set original_request [HTTP::uri] set host [string tolower [getfield [HTTP::uri] ":" 1]] set port [getfield [HTTP::uri] ":" 2] if {$port eq ""}{ set port 443 } set new_path [HTTP::uri] HTTP::header remove "Proxy-Connection" HTTP::cookie remove "MRHSession" if { $static::proxy_debug_L4_VIP_GPRS_TRANSPARENT } { log local0. "Connect request from $host to $port." } set http_version [HTTP::version] set is_connect 1 set is_https 1 }
APM - change CONNECT to GET to trigger per request policy
Hi, I wonder if this is at all possible to trick APM when CONNECT type of request is received to trigger Per Request Policy (PRP). According to my test on v13.0.0HF2 no matter what I will do when VS with Access Policy and PRP policy is receiving CONNECT request PRP is not triggered at all - probably by design, but maybe it's a bug? I would like to be able to use PRP objects to perform URL Filtering (based on target host FQDN) for CONNECT requests. I think - but it's just theory - that if I would be able to use iRule to change CONNECT HTTP/1.1 to GET http://www.host.com HTTP/1.1 then PRP would launch and do URL filtering stuff. Unfortunately my skills in iRule programing is rather limited so I will appreciate any help here. I suspect that maybe there is a way to use when CLIENT_CONNECTED and when CLIENT_DATA to detect CONNECT request, store is in table, change to GET and trick AMP to process it via PRP. Would it be possible? It's as well heavily related to be able to pass CONNECT request to another proxy after validating if host reported in CONNECT is allowed by PRP. PiotrAN IRULE THAT INCLUDES ANOTHER PORT AS PART OF CONNECT METHOD PLUS 443
I'm using my LTM as transparent proxy for my users to get to the internet. How do i include a non-standard port in the CONNECT method list,apart from 443. This is the current irule, i want to include another port, say 5057 to the list. First check to see what method we're handling through the proxy. We need to process CONNECT a little differently than other HTTP proxy methods, and we need to discard requests that come through with unsupported methods. Coming out of this section will be: - $host : hostname or bare IP address requested - $port : port of the connection requested - $new_path : normalized URI with the proxy format stripped switch -- [HTTP::method] { "CONNECT" { set is_http 0 set is_https 0 set request_log_line "" set original_request [HTTP::uri] set host [string tolower [getfield [HTTP::uri] ":" 1]] set port [getfield [HTTP::uri] ":" 2] if {$port eq ""}{ set port 443 } set new_path [HTTP::uri] HTTP::header remove "Proxy-Connection" HTTP::cookie remove "MRHSession" if { $static::proxy_debug_L4_VIP_GPRS_TRANSPARENT } { log local0. "Connect request from $host to $port." } set http_version [HTTP::version] set is_connect 1 set is_https 1 }