http URI filtering in front of TMG
Hello,
I am familiar with the concept of deploying Microsoft TMG behind F5 LTM with forward proxy/reverse proxy. In that scenario I would use an iApp and follow the relevant deployment guides.
My question scenario is around HTTP URI filtering. I have a virtual server in front of a TMG gateway where I can filter the inbound connections by IP address (CLIENT_ACCEPTED event). I would like to filter (or reject) all inbound connection when a specific URI is requested from outside a few IPs (let's say /clients/secured). This requires HTTP_REQUEST event, which requires an http profile.
I believe I have the iRule setup properly, however the browser just hangs as soon as an http profile is added to the TMG Gateway VS. It hangs without the iRule resource. * I have a custom http profile created that does not process or rechunk http (it is based upon http transparent profile) * I can provide a copy of the iRule in question. * I can describe the VS and edge network architecture if needed.
My questions: 1. Is it possible to place an http profile in front of a TMG gateway server for the solution I am attempting? 2. Should I pursue a different solution? 3. Will full TMG replacement with SWG / iApp provide what I need?
I have better bundle licensing so can leverage other modules outside of LTM if those are more appropriate. Looking to avoid full TMG replacement if possible. Thanks!