Applies To:
Show Versions
BIG-IP APM
- 13.0.1, 13.0.0
Overview: Controlling forward proxy traffic with APM
On a BIG-IP® system with Access Policy Manager® (APM®), you can configure per-request policies to control forward proxy access with user-defined URL categories and filters that you have configured.
Task summary
You must have created an explicit or a transparent forward proxy configuration.
Task list
Configuring an access policy for forward proxy with SWG
Example policy: User-defined category-specific access control
In this per-request policy example, only recruiters are allowed to access URLs in the user-defined category Employment. The policy also restricts access to entertaining videos during business hours.

Category-specific access restrictions (using user-defined categories)
Example policy: URL filter per user group
Each URL Filter Assign item in this per-request policy example should specify a filter that is applicable to the user group.

URL filter based on group membership
Creating a per-request policy
Applying user-defined URL categories and filters in a per-request policy
Adding a per-request policy to the virtual server
To add per-request processing to a configuration, associate the per-request policy with the virtual server.
Virtual server Access Policy settings for forward proxy
F5 recommends multiple virtual servers for configurations where Access Policy Manager® (APM®) acts as an explicit or transparent forward proxy. This table lists forward proxy configurations, the virtual servers recommended for each, and whether an access profile and per-request policy should be specified on the virtual server.
Forward proxy | Recommended virtual servers (by purpose) | Specify access profile? | Specify per-request policy? |
---|---|---|---|
Explicit | Process HTTP traffic | Yes | Yes |
Process HTTPS traffic | Yes | Yes | |
Reject traffic other than HTTP and HTTPS | N/A | N/A | |
Transparent Inline | Process HTTP traffic | Yes | Yes |
Process HTTPS traffic | Only when a captive portal is also included in the configuration | Only when a captive portal is also included in the configuration | |
Forward traffic other than HTTP and HTTPS | N/A | N/A | |
Captive portal | Yes | No | |
Transparent | Process HTTP traffic | Yes | Yes |
Process HTTPS traffic | Only when a captive portal is also included in the configuration | Only when a captive portal is also included in the configuration | |
Captive portal | Yes | No |