FTP to proxy transformation (AV content inspection)

Question

Hello,&nbsp;
&nbsp;would it be possible for an iRule to intercept pure FTP traffic from clients, transform it to proxy format, and redirect to a an FTP content inspection antivirus server?&nbsp;
&nbsp;Example:&nbsp;
&nbsp;1) client opens a new FTP connection to a remote server
&nbsp;2) BigIP intercepts the connection, transform the request to proxy format (changes the username:password to username:password@domain and whatever needed to fit it to a regular proxy request)
&nbsp;3) BigIP redirects the request (now in proxy format) to the FTP Contect Inspection Server, or pool.
&nbsp;4) FTP Content Inspection Server receives the connection, open the new connection (acting as a proxy) to the destination server, inspects the data, and send it back to the client.&nbsp;
&nbsp;The redirection to a pool is simple. The problem is the proxy transformation...&nbsp;&nbsp;
&nbsp;Thanks,&nbsp;
&nbsp; Oswaldo&nbsp;

colin_walker_12 · Answer

Oswaldo,&nbsp;
&nbsp;Depending on the exact transformations that need to occur, this should be possible...though likely not trivial.&nbsp;
&nbsp;With iRules you have the ability to read the entire header and payload and make granular changes to the contents.  Something like altering the username/password format is absolutely possible.&nbsp;
&nbsp;Since I've never tried this, I can't say exactly what it would take, but if you have the requirements of the proxy connection and the FTP connection, that's probably a good place to start.  If you can map out each change that needs to be made, you can probably find some iRules commands to allow you to make the change.&nbsp;
&nbsp;I would wager identifying all of the proper changes that need to be made is half the battle.  This sounds like an interesting project.  Make sure to keep us updated on your progress, and any questions you might have on specific rule functionality.&nbsp;
&nbsp;Thanks!
&nbsp;-Colin

oswaldo_gomes_1 · Answer

Hello,&nbsp;
&nbsp;the FTP content inspection server needs the following changes:&nbsp;
&nbsp;- Change the username to username@host&nbsp;
&nbsp;This is the error message from the content inspection server (if I telnet on port 21):&nbsp;
&nbsp;530 Log in first by USER user@host&nbsp;&nbsp;
&nbsp;So, if I am trying to connect to a FTP server 200.181.11.65, using user "oswaldo" and password "test123", the username has to be changed from "oswaldo" to "oswaldo@200.181.11.65". The password remains the same...&nbsp;
&nbsp;This username transformation is the first step to make this work... I will try some iRules and post here soon...&nbsp;
&nbsp;Thanks,&nbsp;
&nbsp; Oswaldo

george_dimitria · Answer

We have also the same requirement...Sounds like and interesting task....&nbsp;
&nbsp;Anyone done any work on that.....&nbsp;&nbsp;

F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

FTP to proxy transformation (AV content inspection)

3 Replies

F5 Container Ingress Services (CIS) and using k8s traffic policies to send traffic directly to pods

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

can't access on prem dns when using F5LTM as a gateway

Issue with TLS Version 1.1 Deprecated Protocol

Service discovery is not happening in AS3

Load balanced RDP VIP use in APM

Deleting an AS3 Tenant

Related Content

Help F5 Transform the BIG-IP Administrator Certification

Let's Talk InfoSec Transformation

Accelerating Digital Transformation in Banking and Financial Services

Modernizing F5 BIG-IP Synchronized HA Pairs with Ansible Validated Content

AFM Protocol Inspection rules for CVE-2022-3602 (aka SpookySSL)

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS