krys-s_153533
Dec 01, 2015

iRule for redirect to proxy server.

Hello, is it possible to set up a diversion on the F5 so that, for example, for one address (in this case HTTPS) the unit acts as a proxy server and redirects traffic for that address to another proxy server (in squid software this is the option "cache_peer [ipaddress proxy] parent [proxy port] 0")?

 

I set the pool on the proxy server and port, and I tried to set an iRule:

when HTTP_REQUEST {
    switch -glob [HTTP::host] {
        "domain.domain.eu" {
            HTTP::header replace https://domain.domain.eu
            pool proxy
        }
    }
}

Regards, Krzysztof

 

1 Reply

  • Do you wish to forward a request from the BIG-IP to a pool of proxy servers, or do you intend for the BIG-IP to cache the content (which a squid caching server would do in this case)? Further, are you intending to accept HTTPS requests and, on the backend, also use TLS/HTTPS? Do you want to forward for just requests against a specific domain (domain.domain.eu in your example)?

    If you don't care about the domain and you are not caching the content on the BIG-IP, then you can use a straight fastL4 Virtual Server:

    If you want to handle requests only for specific domains, you have two choices:

    1. Use the CN on the certificate (and possibly the alts);
    2. Unencrypt on the BIG-IP and use the Host header (as you appear to be doing above).

    Assuming you require 2, you must create a Virtual Server with a client-ssl profile:

    If you subsequently must re-encrypt the request toward the parent cache, you must also use a server-ssl profile:

    From there, to forward only traffic for the specified domain, you may use an iRule:

    when HTTP_REQUEST {
        if { [getfield [string tolower [HTTP::host]] : 1] eq "domain.domain.eu" } {
            pool parent-proxy-pool
        }
    }
    

    or with a Local Traffic Policy:

    ltm policy parent-proxy {
        controls { forwarding }
        requires { http }
        rules {
            rule-domain.domain.eu {
                actions {
                    0 {
                        forward
                        select
                        pool pool-parent-proxy
                    }
                }
                conditions {
                    0 {
                        http-host
                        values { domain.domain.eu }
                    }
                }
                ordinal 1
            }
        }
        strategy first-match
    }
    

    If you require local caching on the BIG-IP, that is a matter of provisioning Application Acceleration Manager (AAM) and assigning a to the listening Virtual Server.

    If I've completely misunderstood your question, I apologize in advance and look forward to hearing more :).
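An added illustration, not part of the thread and not F5 code: a Python model of the two Host checks shown on this page (the question's `switch -glob [HTTP::host]` and the reply's lowercased, port-stripped comparison), run over constructed Host header values to show which ones each rule would send to its pool. It assumes `HTTP::host` returns the header value unchanged, models Tcl glob matching with `fnmatchcase`, and uses `None` to mean the rule selected no pool.

```python
from fnmatch import fnmatchcase

TARGET = "domain.domain.eu"  # domain used in the thread


def getfield(s, sep, n):
    """Model of the iRule getfield command: n-th (1-based) field of s split on sep."""
    parts = s.split(sep)
    return parts[n - 1] if 0 < n <= len(parts) else ""


def question_rule(host):
    """Question's rule: case-sensitive glob match on the raw Host value."""
    return "proxy" if fnmatchcase(host, TARGET) else None


def answer_rule(host):
    """Reply's rule: lowercase, drop ':port', then exact comparison."""
    return "parent-proxy-pool" if getfield(host.lower(), ":", 1) == TARGET else None


def compare(hosts):
    """Map each Host value to (pool chosen by question rule, pool chosen by reply rule)."""
    return {h: (question_rule(h), answer_rule(h)) for h in hosts}


# Constructed Host header values (not taken from real traffic)
SAMPLE_HOSTS = [
    "domain.domain.eu",              # plain match
    "Domain.Domain.EU",              # mixed case
    "domain.domain.eu:443",          # explicit port
    "domain.domain.eu.",             # trailing dot (FQDN form)
    "domain.domain.eu.example.net",  # target used as a prefix of another name
    "xdomain.domain.eu",             # target used as a suffix of another name
]

if __name__ == "__main__":
    for host, (q, a) in compare(SAMPLE_HOSTS).items():
        print(f"{host!r:32} question={q!s:6} reply={a}")
```

In this model neither rule matches the trailing-dot form or the lookalike names, and only the reply's rule tolerates mixed case and an explicit port.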