For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Hans_Schneider2's avatar
Hans_Schneider2
Icon for Nimbostratus rankNimbostratus
Nov 10, 2014
Solved

Manage SFTP with iRule

Hi all, I have a Virtual Server that listens on every port (0) which it has to do. I want to point my SFTP traffic to different servers based on which customer it is. For HTTP traffic I am looking ...
application delivery
devops
iRules
  • mimlo_61970's avatar
    mimlo_61970
    Nov 12, 2014

    Yes, an http profile on a non http protocol will break the connection. The http profile is going to validate the data meets http specifications, and it will not.

     

    I don't think you can enable/disable/change the HTTP profile in an irule(I assumed you could when I said it above, but after further research it appears you can't), so a separate port 22 vip is probably required. I think you can keep your port 0 vip and just add a port 22 vip for sftp. If I remember correctly it will use the port 22 vip when it matches that port, and the port 0 vip for everything else. The the entire need for the irule goes away.

     

What_Lies_Bene1's avatar
What_Lies_Bene1
Icon for Cirrostratus rankCirrostratus
Nov 10, 2014

Assuming this isn't internet based traffic you could just give each client a dedicated IP address, or, to minimise the config, a distinct TCP port. Then your iRule can direct traffic to the desired pool based on the IP or port.

 

Your rule looks mostly OK. I think you either need to enclose 22 in double quotes "" to allow a string comparison or replace equals with == to allow a numerical comparison.