Monday, February 20, 2012

F5 Pacfiles R Us Part Duex

 

In my previous article I explained how PAC files can be consolidated on an F5 load balancer, eliminating a web server in the process. That PAC file was, for the most part, static. What if you want to make it dynamic, so that when you have many different proxy systems you serve a different version of the PAC file based on the client's source address?

In this article I am going to show you a way to make it dynamic in 2 steps.

1. First you need to create a data group containing the IP addresses of the clients associated with the proxy systems that you want to use.

Name: regions_proxy

Type: Address

"10.10.10.0/255.255.255.0" := "proxy-a.domain.com:8080"

"10.10.0.0/255.255.0.0" := "proxy-b.domain.com:8080"

...

"10.0.0.0/255.0.0.0" := "proxy-c.domain.com:8080"

...etc.

2. Then you need the iRule itself. This time you are going to use data groups and variables.

when RULE_INIT {
    # Set the contents of the PAC file to be delivered within static::pacfile.
    # While specific logic here is fine, the "localized" proxy should be
    # returned using the $proxyselect variable. That variable is filled in,
    # when the file is delivered, with the value learned from the data group.
    set static::pacfile {
        function FindProxyForURL(url, host) {

            if (isPlainHostName(host))
                return "DIRECT";

            if (shExpMatch(url, "http://10.*") ||
                shExpMatch(url, "https://10.*") ||
                shExpMatch(url, "ftp://10.*") ||
                shExpMatch(url, "http://localhost*") ||
                shExpMatch(url, "https://localhost*") ||
                shExpMatch(url, "http://127.0.0.1*") ||
                shExpMatch(url, "https://127.0.0.1*") ||
                shExpMatch(url, "http://172.*") ||
                shExpMatch(url, "https://172.*") ||
                shExpMatch(url, "ftp://172.*"))
                return "DIRECT";

            if (dnsDomainIs(host, ".extranet.com") ||
                dnsDomainIs(host, ".extranet2.com"))
                return "$proxyselect";

            if (dnsDomainIs(host, ".intranet.com") ||
                dnsDomainIs(host, ".intranet2.com"))
                return "DIRECT";

            return "$proxyselect";
        }
    }
}

when CLIENT_ACCEPTED {
    # Create a data group called "regions_proxy" and populate it with
    # the IP networks and their proxy value assignments:
    #
    # "10.0.0.0/8" := "proxya.domain.com:8080"

    # Look the client up once; an empty result means no network matched.
    set proxy [class match -value [IP::client_addr] equals regions_proxy]
    if { $proxy ne "" } {
        # $proxyselect holds the complete PAC directive, so the fallback
        # below renders as "DIRECT" and never as "PROXY DIRECT".
        set proxyselect "PROXY $proxy"
    } else {
        set proxyselect "DIRECT"
    }
}

when HTTP_REQUEST {
    # Returns the PAC file via "/proxy.pac" as part of the HTTP request,
    # with the proxy-specific Content-Type.
    switch [HTTP::uri] {
        "/proxy.pac" {
            # Substitute variables only, so brackets or backslashes added to
            # the PAC text later are not evaluated as Tcl.
            HTTP::respond 200 content [subst -nocommands -nobackslashes $static::pacfile] "Content-Type" "application/x-ns-proxy-autoconfig" "pragma" "no-cache"
        }
    }
}

As you can see, with data groups and variables you can control how the PAC file is structured and customized without creating different file versions.
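
A way to check the rendered PAC file offline before publishing a template or data group change, added here as an example and not taken from the original post. It assumes $proxyselect holds the whole directive ("PROXY host:port" or "DIRECT"); the shortened template, the helper stubs, renderPac and resolve are constructed for illustration.

```javascript
// Added example: offline check of the PAC text rendered for one client.
// Constructed, shortened copy of the template; $proxyselect is the iRule variable.
const template = `
function FindProxyForURL(url, host) {
  if (isPlainHostName(host)) return "DIRECT";
  if (shExpMatch(url, "http://10.*") || shExpMatch(url, "https://10.*")) return "DIRECT";
  if (dnsDomainIs(host, ".extranet.com")) return "$proxyselect";
  if (dnsDomainIs(host, ".intranet.com")) return "DIRECT";
  return "$proxyselect";
}`;

// Minimal stand-ins for the helper functions a browser's PAC engine provides.
const helpers = {
  isPlainHostName: (h) => !h.includes("."),
  dnsDomainIs: (h, d) => h.endsWith(d),
  shExpMatch: (s, pat) => {
    const re = pat.replace(/[.+^${}()|[\]\\]/g, "\\$&").replace(/\*/g, ".*").replace(/\?/g, ".");
    return new RegExp("^" + re + "$").test(s);
  },
};

// The value lands inside a JavaScript string literal, so accept only a
// well-formed directive; a stray quote in a data group entry would break the file.
const DIRECTIVE = /^(DIRECT|PROXY [A-Za-z0-9.-]+:\d{1,5})$/;

// Plays the role of subst: only the $proxyselect token is replaced.
function renderPac(proxyselect) {
  if (!DIRECTIVE.test(proxyselect)) throw new Error("bad proxy directive: " + proxyselect);
  return template.split("$proxyselect").join(proxyselect);
}

// Load the rendered PAC and ask it what a browser would be told for `url`.
function resolve(proxyselect, url) {
  const names = Object.keys(helpers);
  const load = new Function(...names, renderPac(proxyselect) + "\nreturn FindProxyForURL;");
  return load(...names.map((n) => helpers[n]))(url, new URL(url).hostname);
}

console.log(resolve("PROXY proxy-a.domain.com:8080", "http://www.example.org/"));
console.log(resolve("DIRECT", "http://www.example.org/"));
```

Run it with Node.js; a client with no data group match must resolve to a bare DIRECT.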
