pac file i-rule with variable proxy?

Question

Hi,&nbsp;
I found this article very interesting:&nbsp;
https://devcentral.f5.com/wiki/irules.Proxy_Pacfile_Hosting_without_need_for_Web_servers.ashx&nbsp;
however I'd like to do something slightly more complex with the pac file. How can I amend the i-rule such that it defines a different proxy dependant on the clients source IP?&nbsp;
For example users in CE might be on 1.1.1.x or 1.1.2.x and need to go to proxy 1.1.3.1. But users in India might be on 2.2.2.x or 2.2.3.x and need to go to proxy 2.2.2.1.&nbsp;
Is this possible within the same i-rule and what would be the basics of doing this?&nbsp;
thanks&nbsp;
A&nbsp;

petewhite · Answer

I'm sure this would be pretty simple with a switch statement and the whereis function to show where the IP is located.&nbsp;
switch reference&nbsp;
whereis reference&nbsp;
Some good examples in this article by Jason Rahm&nbsp;

andrew_deackes_ · Answer

thanks Pete but I don't think we can use the "whereis" query as we are talking about internal networks here, all on private address space. I need to be able to define my own set of subnets that should go to proxy 1, another set for proxy 2 and anything else defaults to proxy 3.

petewhite · Answer

even easier - create a datagroup containing the internal nets and use the class functions to check whether the client IP address is in the class.

https://clouddocs.f5.com/api/irules/class.html

andrew_deackes_ · Answer

quick update, I've a test pac file configured on on LTM (DNS being resolved by GTM) with destination load balancing for external sites in the pac logic. After tracking down a misplaced } this is working fine.&nbsp;
Now just need to figure out subsituting different proxy names when the client is in different locations! :-(&nbsp;

andrew_deackes_ · Answer

ok, so thought I would achieve this with setting some datagroups to check for the source IP in the irule and then provide a different pac based on that. However, starting with the i-rule I was using I immediately ran into a problems, I tried setting the pac file contents like this:&nbsp;
when RULE_INIT {&nbsp;
   set pacfile-india {  &nbsp;
&nbsp;
}&nbsp;
set pacfile-tunis {&nbsp;
&nbsp;
}&nbsp;
set pacfile {&nbsp;
&nbsp;
}
}
when HTTP_REQUEST {&nbsp;
  switch -glob [string tolower [HTTP::uri]] {&nbsp;
   "/proxy.pac" {&nbsp;
if {[class match -value -- [IP::client_addr] equals india-pac]}
     { HTTP::respond 200 content $::pacfile-india "Content-Type" "application/x-ns-proxy-autoconfig" "pragma" "no-cache"}
elseif {[class match -value -- [IP::client_addr] equals india-pac]}
     { HTTP::respond 200 content $::pacfile-tunis "Content-Type" "application/x-ns-proxy-autoconfig" "pragma" "no-cache"}
else
     { HTTP::respond 200 content $::pacfile "Content-Type" "application/x-ns-proxy-autoconfig" "pragma" "no-cache"}&nbsp;
}&nbsp;
 }&nbsp;
}&nbsp;
but it's simply not working! I'm sure I have something basic wrong but can't see it myself, any clues welcome!! Please! :-)&nbsp;
A &nbsp;

Forum Discussion

pac file i-rule with variable proxy?

6 Replies

Recent Discussions

Error while running ansible

ASM instance creation

[ASM] - what is "Browser Challange file" ?

[ASM] - HTML5 Cross-Domain Request Enforcement - CLI command

Reverse Proxy Not Behaving

Related Content

APM variable assign examples

i-rule header insert - APM

Integrating SSL Orchestrator with McAfee Web Gateway-Transparent Proxy

iRule variable

I-rule for adapt request "response page"