HTTP Forward Proxy Access FIlter

Hi,

AFM is a Layer 4 firewall. it won't filter on HTTP host.

you can :

• create a data group with all allowed sites:

  ltm data-group internal Proxy_allowed_hosts {
      records {
          www.f5.com { }
          www.google.fr { }
      }
      type string
  }
  

• use this ltm policy (load it with

  load sys config merge from-terminal

  )

  ltm policy FORWARD_PROXY_FILTER {
      controls { forwarding }
      last-modified 2018-06-18:09:11:14
      requires { http http-explicit }
      rules {
          whitelist-http-proxy {
              conditions {
                  0 {
                      http-uri
                      proxy-request
                      host
                      datagroup Proxy_allowed_hosts
                  }
              }
          }
          whitelist-connect {
              conditions {
                  0 {
                      http-method
                      proxy-request
                      values { CONNECT }
                  }
                  1 {
                      http-uri
                      proxy-request
                      starts-with
                      datagroup Proxy_allowed_hosts
                  }
              }
              ordinal 1
          }
          redirect_unknown_host {
              actions {
                  0 {
                      http-reply
                      proxy-request
                      redirect
                      location http://www.google.fr
                  }
                  1 {
                      log
                      proxy-request
                      write
                      facility local0
                      message tcl:[HTTP::uri]
                      priority info
                  }
              }
              ordinal 2
          }
      }
      status published
      strategy first-match
  }