Irule for port 22

Question

Hi, I have a VIP 10.x.x.x running on port 80. Now they need ssh so I have allowed port on firewall and created the same VIP for port 22.&nbsp;
My question is, can I have a irule in place for port 22. Instead of creating one more VIP ? if so then how do I ?&nbsp;
Thanks in advance.&nbsp;

cjunior · Answer

Hi, in my opinion may this option not a good idea. 
You should have two distinct virtual servers (same ip address/ distinct port number) and so each one would have their own profiles and behaviors.  
I can't see advantage doing one virtual server to both services to balance in L4/L7.  
Anyway, if it really matter this approach, you could do a virtual server that will listen to all ports (any) and then you will direct the traffic to the correct pools (at this point, if the pool members have different ports than source port, do not forget to enable port translation on the virtual server). Remember that the virtual server should't have L7 profiles attached.
when CLIENT_ACCEPTED {
    if { [TCP::local_port] eq 22 } {
        pool ssh_pool
    } elseif { [TCP::local_port] eq 80 } {
        pool http_pool
    } else {
        TCP::close
    }
}

Respectfully,

Forum Discussion

Irule for port 22

Recent Discussions

ASM Export JSON - size Limit ?

Can i apply ddos profile on virtual server using port range

I used the wrong email account when take Application Delivery Exam (101)

F5 iControl REST API - viewBy Parameter Issue in Analytics Report

'F5 rules for AWS WAF' ruleset not working for jsp web shell attack

Related Content

irule ports

Assistance with iRule using port ranges

iRules Style Guide

Three Ways to Specify Multiple Ports on a Virtual Server

Response port masking

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS