Manual Chapter : Configuring a per-request policy to select the next hop

Applies To:

  • BIG-IP APM

    21.0.0, 17.5.1, 17.5.0, 17.1.3, 17.1.2, 17.1.1, 17.1.0, 17.0.0, 16.1.6, 16.1.5, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 15.1.10, 15.1.9

back-action Overview: Simple forward proxy chaining example

Updated Date: 04/30/2026

Configuring a per-request policy to select the next hop

Before you start, you must have configured a pool of proxy servers that all support the same forward proxy mode: explicit or transparent. (Create pools using Local Traffic > Pools.)

You create a per-request policy that uses a Proxy Select agent to select the next hop in a forward proxy chain.

Note: If you include SSL Intercept or SSL Bypass agents in the policy, be sure to place them before other agents.

  1. On the Main tab, click Access > Profiles / Policies > Per-Request Policies.

    The Per-Request Policies screen opens.

  2. To create a new per-request policy, click Create, type a name that is unique among all access profiles and per-request policies, select the accepted languages, and click Finished.

    The Per-Request Policies screen displays the new per-request policy.

  3. In the Name field, locate the policy that you want to update, then in the Per-Request Policy field, click the Edit link.

    The visual policy editor opens in another tab.

  4. On a policy branch, click the (+) icon to add an item to the policy.

    The actions you can use for building a per-request policy are displayed on a popup screen with actions on tabs, such as Authentication, Classification, and General Purpose, and a search field.

  5. On the Traffic Management tab, select Proxy Select and click Add Item.

    A Properties popup screen opens.

  6. From the Pool list, select a pool of one or more proxy servers to serve as the next hop.

    Important: All proxy servers in the pool that you select must support the forward proxy mode that you specify in the Upstream Proxy Mode setting.

  7. From Upstream Proxy Mode, select:

    • Explicit if the proxy servers in the pool support explicit forward proxy.
    • Transparent if the proxy servers in the pool support transparent forward proxy.

  8. For Username and Password, most of the time you can retain the default values (blank).

    These fields support the use of static credentials to authenticate the user at the next hop using HTTP Basic authentication.

  9. Click Save.

    The properties screen closes. The visual policy editor displays.

Be sure to add a disabled HTTP Connect Profile to the virtual server that processes SSL traffic for the forward proxy configuration.

Note: A per-request policy is not in effect unless it and an access profile are specified in virtual servers in the forward proxy configuration.