Manual Chapter :
Configuring a per-request policy to select
the next hop
Applies To:
Show VersionsBIG-IP APM
- 15.0.1, 15.0.0
Configuring a per-request policy to select
the next hop
Before you start, you must have configured a pool of proxy servers that all support the
same forward proxy mode: explicit or transparent. (Create pools using
.) You create a per-request policy that uses a Proxy
Select agent to select the next hop in a forward proxy chain.
If
you include
SSL Intercept
or SSL Bypass
agents in
the policy, be sure to place them before other agents.- On the Main tab, click.The Per-Request Policies screen opens.
- To create a new per-request policy, clickCreate, type a name that is unique among all access profiles and per-request policies, select the accepted languages, and clickFinished.
- In theNamefield, locate the policy that you want to update, then in thePer-Request Policyfield, click theEditlink.The visual policy editor opens in another tab.
- On a policy branch, click the(+)icon to add an item to the policy.The actions you can use for building a per-request policy are displayed on a popup screen with actions on tabs, such as Authentication, Classification, and General Purpose, and a search field.
- On the Traffic Management tab, selectProxy Selectand clickAdd Item.A Properties popup screen opens.
- From thePoollist, select a pool of one or more proxy servers to serve as the next hop.All proxy servers in the pool that you select must support the forward proxy mode that you specify in theUpstream Proxy Modesetting.
- FromUpstream Proxy Mode, select:
- Explicitif the proxy servers in the pool support explicit forward proxy.
- Transparentif the proxy servers in the pool support transparent forward proxy.
- ForUsernameandPassword, most of the time you can retain the default values (blank).These fields support the use of static credentials to authenticate the user at the next hop using HTTP Basic authentication.
- ClickSave.The properties screen closes. The visual policy editor displays.
Be sure to add a disabled HTTP Connect Profile to the virtual server that processes
SSL traffic for the forward proxy configuration.
A per-request policy
is not in effect unless it and an access profile are specified in virtual servers in
the forward proxy configuration.