Forum Discussion

Andy_Ellison_26's avatar
Andy_Ellison_26
Icon for Nimbostratus rankNimbostratus
Jan 15, 2013

Irules, RDP, HTTP Host and File Share

Hi

 

 

First time on these blogs, so I apologies if I've put the question i'm about to ask in the wrong place etc or am missing out on vital information.

 

 

We have a long list of servers that belong to vips, but we also create individual vips to access individual servers, mainly via http:80 I 'm creating a VIP that contains multiple servers, but I want to redirect users to a specific node within the pool. I can do the first part of redirecting a user to a specific node based on on the http::host entered and checks this to a datagroup if the http::host is a match to a name in the datagroup then it redirects them to thats specific nodes ip address.

 

however, I also need to be able to RDP to the servers and also connect via file share. I'm a bit stuck on how to achieve this. Basically I need to capture the FQDN name entered into the rdp client and then use that to compare the name to the datagroup and redirect acoordingly

 

and to do the same when accessing the server by share name e.g \\fileserver.msdn.net\e$

 

does anybody know if this is possible?

 

Thanks

 

Andy

 

application delivery
dev
devops
iRules

3 Replies

  • What_Lies_Bene1's avatar
    What_Lies_Bene1
    Icon for Cirrostratus rankCirrostratus
    Jan 15, 2013
    It depends is probably the best answer at this stage. In the first instance you should capture some packets of an RDP connection and see where the FQDN appears. Then you can collect data when a client initially connects, search for the relevant detail and route traffic accordingly.

    Here's an example Nitass and I worked on recently in relation to POP3 and IMAP connections and usernames. It just logs but obviously we can do anything required. 

    
when CLIENT_ACCEPTED {
 if { ([TCP::local_port] == 143) or ([TCP::local_port] == 110) } {
  Collect data if client is using unencrypted IMAP or POP3
  TCP::collect 0 0
 }
}
when CLIENT_DATA {
 if { [TCP::local_port] == 143 } {
 Only do the following if client is using unencrypted IMAP and presumably 
 data has been collected
  if { [TCP::payload] contains "login" } {
   scan [TCP::payload] {%*s login %s} imapusername
   log local0. "Unencrypted IMAP connection established by $imapusername"
   Release and flush collected data
   TCP::release
   Stop processing the iRule for this event here
   return
  }
 }
 elseif { [TCP::local_port] == 110 } {
 Only do the following if client is using unencrypted POP3 and presumably data has been collected
  if { [TCP::payload] contains "USER" } {
   Look for text 'USER', skip forward 1 character and match up to the end 
   of the line
   set pop3username [findstr [TCP::payload] "USER" "1"]
   log local0. "Unencrypted POP3 connection established by $pop3username"
   Release and flush collected data
   TCP::release
   Stop processing the iRule for this event here
   return
  }
 }
 Release the data collected (if not match above)
 TCP::release
 Collect data for subsequent packets
 TCP::collect
}
  • Andy_Ellison_26's avatar
    Andy_Ellison_26
    Icon for Nimbostratus rankNimbostratus
    Jan 15, 2013
    Thanks Steve

     

     

    I'll dig out wireshark and capture some packets from the client machine sending the rdp request.

     

     

    the aboveis really usefull to help see what I can capture.

     

     

    many thanks

     

    Andy
  • What_Lies_Bene1's avatar
    What_Lies_Bene1
    Icon for Cirrostratus rankCirrostratus
    Jan 15, 2013
    You're welcome. Post back if you need assistance on your specific use case. Hopefully you're not encrypting RDP.