Manual Chapter : Configuring a per-request policy to select the next hop

Applies To:

Show Versions Show Versions

BIG-IP APM

  • 15.0.0
Manual Chapter

Configuring a per-request policy to select the next hop

Before you start, you must have configured a pool of proxy servers that all support the same forward proxy mode: explicit or transparent. (Create pools using
Local Traffic
Pools
.)
You create a per-request policy that uses a Proxy Select agent to select the next hop in a forward proxy chain.
If you include
SSL Intercept
or
SSL Bypass
agents in the policy, be sure to place them before other agents.
  1. On the Main tab, click
    Access
    Profiles / Policies
    Per-Request Policies
    .
    The Per-Request Policies screen opens.
  2. To create a new per-request policy, click
    Create
    , type a name that is unique among all access profiles and per-request policies, select the accepted languages, and click
    Finished
    .
  3. In the
    Name
    field, locate the policy that you want to update, then in the
    Per-Request Policy
    field, click the
    Edit
    link.
    The visual policy editor opens in another tab.
  4. On a policy branch, click the
    (+)
    icon to add an item to the policy.
    The actions you can use for building a per-request policy are displayed on a popup screen with actions on tabs, such as Authentication, Classification, and General Purpose, and a search field.
  5. On the Traffic Management tab, select
    Proxy Select
    and click
    Add Item
    .
    A Properties popup screen opens.
  6. From the
    Pool
    list, select a pool of one or more proxy servers to serve as the next hop.
    All proxy servers in the pool that you select must support the forward proxy mode that you specify in the
    Upstream Proxy Mode
    setting.
  7. From
    Upstream Proxy Mode
    , select:
    • Explicit
      if the proxy servers in the pool support explicit forward proxy.
    • Transparent
      if the proxy servers in the pool support transparent forward proxy.
  8. For
    Username
    and
    Password
    , most of the time you can retain the default values (blank).
    These fields support the use of static credentials to authenticate the user at the next hop using HTTP Basic authentication.
  9. Click
    Save
    .
    The properties screen closes. The visual policy editor displays.
Be sure to add a disabled HTTP Connect Profile to the virtual server that processes SSL traffic for the forward proxy configuration.
A per-request policy is not in effect unless it and an access profile are specified in virtual servers in the forward proxy configuration.