Forum Discussion

SanYang

Cirrostratus

Oct 23, 2025

Solved

Can F5 restrict the file types transferred via FTP?

Hello expert, I have set up an FTP Virtual Server. Can F5 restrict the file types transferred via FTP? Thanks

application delivery

LTM

Niels_van_Sluis

Nov 05, 2025

This article gives nice info about how to set restrictions to FTP with an iRule:

iRule Security 101 - #07 - FTP Proxy | DevCentral

Below is an iRule that should get you going. You probably also want to check on PUT and MPUT besides STOR.

when RULE_INIT {
  set DEBUG 1
}

when CLIENT_ACCEPTED {
  if { $::DEBUG } { log local0. "client accepted" }
}

when CLIENT_DATA {
  if { $::DEBUG } { log local0. "----------------------------------------------------------" }
  if { $::DEBUG } { log local0. "payload [TCP::payload]" }
  set client_data [string trim [TCP::payload]]
  #---------------------------------------------------
  # Block or alert specific commands
  #---------------------------------------------------
  switch -glob [string tolower $client_data] {
    "stor *.tar" -
    "stor *.gz" -
    "stor *.tgz" -
    "stor *.tar.gz" -
    "stor *.zip" {
      if { $::DEBUG } { log local0. "LOG: STOR request detected" }
      
      TCP::respond "550 STOR filetype not allowed\r\n"
      TCP::payload replace 0 [string length $client_data] ""
      return
    }
  }      
  TCP::release
  TCP::collect
}

when SERVER_CONNECTED {
  if { $::DEBUG } { log "server connected" }
  TCP::release
  TCP::collect
  clientside { TCP::collect }
}
when SERVER_DATA {
  if { $::DEBUG } { log local0. "payload <[TCP::payload]>" }
  TCP::release
  TCP::collect
}

when CLIENT_CLOSED {
  if { $::DEBUG } { log local0. "client closed" }
}

When using WinSCP, it shows when the upload is being blocked.