Using F5 APM as a "Authenticated Web Proxy"

Question

Hi, I am new to F5 and I am trying to setup an Authenticated forward proxy for specific ports 80 and 443.
Currently i have a LTM2200 with APM (no SWG), is it possible to setup an authenticated forward web proxy?&nbsp;
I have used the below irule for forward proxy and it works like a charm and users are able to use it to access the internet.&nbsp;
An HTTP forward proxy iRule:
https://devcentral.f5.com/wiki/irules.HTTP-Forward-Proxy-v3-2.ashx&nbsp;
For the authentication, im trying to use Kerberos. I have configured SSO with Kerberos authentication method, access policy to support Kerberos SSO and attaching the access profile to the virtual server (Forward Proxy) for Kerberos SSO.
However when i tried to attach the access profile to the Virtual Server (Forward Proxy) it stopped working. I have tested the access profile on another Virtual Server which is a reverse proxy for a pool of servers and the access profile works.&nbsp;
Is there something which i am missing? I would appreciate if someone could advice.&nbsp;
Thanks in advance
Spencer&nbsp;

matt_dierick · Answer

Hi Spencer,&nbsp;
In release 11.5, you can set a http-explicit profile on your VS. Instead of using the irule. SWG is not mandatory if you are using only web proxy feature. &nbsp;
I would test like this. Download swg iapp in order to create the 3 necessary VS (primary on 8080, http on 80 and https on 443). The iapp will create the right tunnels for the ssl forward proxy. &nbsp;
And to finish, apply your APM policy on the primary VS. You can choose this policy in the iapp. &nbsp;
This a workaround you could test. Make sense ???&nbsp;

mobo_139370 · Answer

Hi, 
Is there any way to use proxy caching feature with SWG ?
Thanks, &nbsp;

matt_dierick · Answer

Unfortunately, not yet.

Forum Discussion

Using F5 APM as a "Authenticated Web Proxy"

3 Replies

Recent Discussions

Chrome V 124+ on MacOS - Virtual Server Access Issue

vulnerabilities (CVE-2020-36363), CVE-2016-0736,CVE-2019-6593-FOR VERSION BIGIP LTM-16.1.4

Port Group on F5OS network setting

Advise on setting up IRULE

F5 iRule to replace host to path

Related Content

How I did it - "Application authentication with Verizon ID and F5 Access Policy Manager"

SSL Orchestrator Advanced Use Cases: Detecting Generative AI

SSL Orchestrator Advanced Use Cases: DNS Sinkholing

SSLO in public cloud: Azure inbound L3 use case

Using ChatGPT for security and introduction of AI security