For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

kend's avatar
kend
Icon for Altostratus rankAltostratus
Jan 10, 2012

iRule for Microsoft RDP

I want to create an iRule that can direct a user to a pool based on the remote computer name they are specifying when using the Microsoft RDP client. So, if they enter host1.network.net in the RDP client, I want the iRule to direct them to pool host1.network.net. If a different user enters host2.network.net in the RDP client, I want the iRule to direct them to pool host2.network.net. Does any one know if this is possible?
application delivery
dev
devops
iRules

3 Replies

  • hoolio's avatar
    hoolio
    Icon for Cirrostratus rankCirrostratus
    Jan 11, 2012
    In a quick test connecting from a Win7 client to a Win2008 server, I see the hostname the client uses for the connection sent in the TCP payload. If that's always the case, this seems plausible to do.

     

     

    Here's an example from Jason for parsing the RDP data to get the username. You could modify that to parse the hostname/IP.

     

    http://devcentral.f5.com/Community/GroupDetails/tabid/1082223/asg/50/aft/25271/showtab/groupforums/Default.aspx

     

     

    Aaron
  • kend's avatar
    kend
    Icon for Altostratus rankAltostratus
    Jan 11, 2012
    Did you use a sniffer to see the TCP payload? I am new to iRules, so how would I parse that portion of the payload?

     

     

    Thanks,

     

    Ken
  • Colin_Walker_12's avatar
    Colin_Walker_12
    Historic F5 Account
    Jan 11, 2012
    You could certainly write an iRule to expose the parts of the payload you want, but yes generally speaking some sort of traffic capturing tool is the quickest way to see what's going on. Wireshark, snort, etc.

     

     

    Colin