Forum Discussion
iRule to restrict SFTP by name
Hi André
The main problem with this is that SFTP is a subsystem of SSH and the F5 cannot decrypt the SSH traffic in the path of the connection in order to programmatically peel away the domain that is being requested.
There is another method which may work - albeit not that elegant. It does require the SFTP client to use the proxy method. Specifically, if you create an F5 HTTP Proxy VIP with the following iRule in this posting, https://devcentral.f5.com/codeshare/allow-http-explicit-proxy-to-handle-short-name-resolution, you can extract the domain from the HTTP CONNECT method. From there you can potentially send them to a VIP that contains the correct pool you are targeting for that domain. It will require reworking the iRule - but I can see that it's possible.
I hope this helps
-=Bhattman=-
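
The routing decision described in the reply above, sketched as an added example. It is not part of the original post and is not the linked iRule; it is Python that models only the logic a reworked iRule would need (take the name from the CONNECT target, refuse anything that is not an approved SFTP name on port 22). The host names, pool names and the `select_pool` function are constructed for illustration.

```python
import re

# Constructed mapping of requested SFTP names to pool names (hypothetical).
POOL_BY_HOST = {
    "sftp-a.example.com": "pool_sftp_a",
    "sftp-b.example.com": "pool_sftp_b",
}
ALLOWED_PORTS = {22}  # SFTP runs over SSH; refuse tunnels to any other port

# CONNECT uses authority-form: "host:port", with no scheme, path or userinfo.
_REQUEST_LINE = re.compile(r"CONNECT ([^\s/@]+):(\d{1,5}) HTTP/1\.[01]")
_LABEL = r"[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?"
_HOSTNAME = re.compile(r"(?=.{1,253}$)(" + _LABEL + r"\.)*" + _LABEL)


def select_pool(request_line):
    """Return the pool name for a CONNECT request line, or None to refuse."""
    m = _REQUEST_LINE.fullmatch(request_line.strip())
    if not m:
        return None  # not a CONNECT request, or a malformed target
    # DNS names are case-insensitive and may carry one trailing root dot.
    host = m.group(1).lower().removesuffix(".")
    port = int(m.group(2))
    if port not in ALLOWED_PORTS:
        return None
    if not _HOSTNAME.fullmatch(host):
        return None  # bracketed IPv6 literals and other non-names end here
    # Default deny: names without a configured pool are refused.
    return POOL_BY_HOST.get(host)


if __name__ == "__main__":
    # Constructed sample request lines.
    for line in (
        "CONNECT sftp-a.example.com:22 HTTP/1.1",
        "CONNECT sftp-a.example.com:443 HTTP/1.1",
        "CONNECT other.example.com:22 HTTP/1.1",
    ):
        print(line, "->", select_pool(line))
```

The name in the CONNECT line is supplied by the client, so a check like this restricts which pools a proxy-using client can reach by name; it does not authenticate the client.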