Forum Discussion
Stanislas_Piro2
Jun 18, 2018Cumulonimbus
Hi,
AFM is a Layer 4 firewall. it won't filter on HTTP host.
you can :
-
create a data group with all allowed sites:
ltm data-group internal Proxy_allowed_hosts { records { www.f5.com { } www.google.fr { } } type string }
-
use this ltm policy (load it with
)load sys config merge from-terminal
ltm policy FORWARD_PROXY_FILTER { controls { forwarding } last-modified 2018-06-18:09:11:14 requires { http http-explicit } rules { whitelist-http-proxy { conditions { 0 { http-uri proxy-request host datagroup Proxy_allowed_hosts } } } whitelist-connect { conditions { 0 { http-method proxy-request values { CONNECT } } 1 { http-uri proxy-request starts-with datagroup Proxy_allowed_hosts } } ordinal 1 } redirect_unknown_host { actions { 0 { http-reply proxy-request redirect location http://www.google.fr } 1 { log proxy-request write facility local0 message tcl:[HTTP::uri] priority info } } ordinal 2 } } status published strategy first-match }