HTTP::proxy

Description

This command controls whether HTTP proxy processing is applied when using an Explicit HTTP profile, and controls HTTP proxy features when using an Explicit HTTP or HTTP proxy chaining profile.

Syntax

HTTP::proxy
HTTP::proxy <enable | disable>
HTTP::proxy uri-rewrite <enable | disable>
# v13+
HTTP::proxy <addr | port | rtdom | exists | iptuple>
HTTP::proxy chain <enable | disable>
HTTP::proxy chain host <hostname> <port>
HTTP::proxy chain port <port>
HTTP::proxy chain retry

HTTP::proxy

  • Returns true (1) if the local proxy handler is enabled, or false (0) if it is presently disabled.

HTTP::proxy <enable | disable>

  • Allows control of proxy processing. If HTTP::proxy disable is called, the proxy will not attempt to look up the proxy request’s hostname; it will simply send the request, unmodified, to the default pool.

HTTP::proxy uri-rewrite <enable | disable>

  • Allows control of the URI sent to the next hop. If this is enabled, the URI will be rewritten into “proxy form”, with an added “http://” or “https://” prefix.

HTTP::proxy addr

  • Returns the IP address resolved by the HTTP Explicit Proxy for the hostname in the request.

HTTP::proxy port

  • Gets the port used to connect to the remote server for an HTTP Explicit Proxy request.

HTTP::proxy rtdom

  • Returns the route domain id being used to connect to the remote server for the HTTP Explicit Proxy request.

HTTP::proxy exists

  • Returns TRUE if the HTTP Explicit Proxy has resolved the request’s hostname. (This command may be used to check whether other HTTP::proxy dest commands may be safely used in this context.)

HTTP::proxy iptuple

  • Returns the full IP Tuple resolved by the HTTP Explicit Proxy for the request.

HTTP::proxy chain <enable | disable>

  • Allows control of the HTTP Proxy Chaining feature. If it is disabled, then an HTTP CONNECT will not be added to the outgoing request.

HTTP::proxy chain host <hostname> <port>

  • Allows getting or setting the hostname used in the HTTP Proxy Chaining CONNECT request. The port field is optional.

HTTP::proxy chain port <port>

  • Allows getting or setting the port described in the hostname used for HTTP Proxy Chaining.

HTTP::proxy chain retry

  • If the status code in the response from the HTTP Proxy Chaining CONNECT request was not a 200, then the connection will be aborted. If this command is called, then the request will be retried once again. (It may be useful to alter the headers sent to include extra authentication information in the new CONNECT request.)

Examples

Example 1: Simple Proxy Chaining

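when HTTP_PROXY_REQUEST {
    # Non-CONNECT requests for internal hosts go, unmodified, to the internal proxy pool.
    # "ne" compares the method as a string; a unary "not" would bind before "==".
    if { ([HTTP::method] ne "CONNECT") && [URI::host [HTTP::uri]] ends_with ".internal.domain.com" } {
        HTTP::proxy disable
        pool internal_proxy_3128
    } else {
        HTTP::proxy enable
    }
}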

Example 2: Advanced Proxy Chaining & URI Rewriting

when HTTP_PROXY_REQUEST {
    log local0. "[HTTP::method] [HTTP::uri]"
    switch [string tolower [URI::host [HTTP::uri]]] {
        "www.google.com" {
            # send request to default pool (aka proxy-chaining)
            HTTP::proxy disable
        }
        "www.abc.com" {
            # change request to a different host - remains a proxy request
            HTTP::uri http://www.google.com/
        }
        "www.def.com" {
            # change request to a normal (not proxy) request - goes to the default pool
            HTTP::uri /def.html
        }
    }
}
when HTTP_REQUEST {
    log local0. "[HTTP::method] [HTTP::uri]"
}

Example 3: Proxy Chaining via Categorization (Requires either an SWG or URL Filtering Subscription)

when RULE_INIT {
    log local0. "Proxy Chain iRule"
    set static::Proxy_Chain_categories {
       /Common/Restaurants_and_Dining
    }
    set static::Proxy_Chain_debug 1
}
when HTTP_PROXY_REQUEST {
    set proxy_chain 0
    if { $static::Proxy_Chain_debug } { log local0. "URI: [HTTP::uri]" }
    # Check for a category match
    set reply [getfield [CATEGORY::lookup [HTTP::uri]] " " 1]
    if {[lsearch -exact $static::Proxy_Chain_categories $reply] >= 0} {
        if { $static::Proxy_Chain_debug } { log local0. "HIT: The category $reply should be bypassed for [HTTP::uri]" }
        set proxy_chain 1
    }
    # Check for a URI::host for HTTP connections
    if {[URI::host [HTTP::uri]] == "www.cariboucoffee.com"} {
        set proxy_chain 1
    }
    # Perform the prescribed action
    if { $proxy_chain } {
        if { $static::Proxy_Chain_debug } { log local0. "Proxy Chain: [HTTP::method] URI:[HTTP::uri]" }
        HTTP::proxy disable
        snat 10.10.1.10
        pool squid
    }
}

Example 4: Explicit Proxy logging

when HTTP_REQUEST {
    if { [HTTP::proxy exists] } {
        log local0. "Explicit proxy request: [HTTP::proxy addr]:[HTTP::proxy port] [HTTP::uri]"
    } else {
        log local0. "Local request:[HTTP::uri]"
    }
}

Example 5: Proxy Chaining through a VIP-on-VIP solution

when HTTP_REQUEST {
    if { [HTTP::proxy exists] } {
        # Use the tunnel_http_80 virtual, but keep the
        # resolved address to connect to.
        virtual tunnel_http_80 [HTTP::proxy addr] [HTTP::proxy port]
    }
}
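
The HTTP::proxy exists and HTTP::proxy addr commands also allow policy to be applied to the address the proxy actually resolved, rather than to the hostname the client supplied. The following is an added example, not part of the original documentation: the deny list, the variable name static::proxy_blocked_nets and the 403 response text are assumptions, and it presumes a proxy that is only meant to reach external destinations.

```tcl
when RULE_INIT {
    # Constructed deny list (assumption): loopback, link-local and RFC 1918 ranges.
    # IPv4 only; extend it for IPv6 if the proxy resolves AAAA records.
    set static::proxy_blocked_nets {
        127.0.0.0/8
        169.254.0.0/16
        10.0.0.0/8
        172.16.0.0/12
        192.168.0.0/16
    }
}
when HTTP_REQUEST {
    # As in Example 4, only use HTTP::proxy addr/port once the hostname has resolved.
    if { ![HTTP::proxy exists] } {
        return
    }
    # Defensive assumption: drop a route-domain suffix (addr%id) if one is present.
    set dst [getfield [HTTP::proxy addr] "%" 1]
    foreach net $static::proxy_blocked_nets {
        if { [IP::addr $dst equals $net] } {
            # Record who asked for what, then refuse instead of connecting.
            log local0. "Denied explicit proxy request from [IP::client_addr] to $dst:[HTTP::proxy port] [HTTP::uri]"
            HTTP::respond 403 content "Destination not permitted" "Connection" "close"
            return
        }
    }
}
```

Because the check runs on the resolved address, a public hostname that resolves to an internal or loopback address is refused as well, which a hostname match such as the one in Example 1 cannot detect.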