For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Hans_Schneider2's avatar
Hans_Schneider2
Icon for Nimbostratus rankNimbostratus
Nov 10, 2014
Solved

Manage SFTP with iRule

Hi all, I have a Virtual Server that listens on every port (0) which it has to do. I want to point my SFTP traffic to different servers based on which customer it is. For HTTP traffic I am looking ...
application delivery
devops
iRules
  • mimlo_61970's avatar
    mimlo_61970
    Nov 12, 2014

    Yes, an http profile on a non http protocol will break the connection. The http profile is going to validate the data meets http specifications, and it will not.

     

    I don't think you can enable/disable/change the HTTP profile in an irule(I assumed you could when I said it above, but after further research it appears you can't), so a separate port 22 vip is probably required. I think you can keep your port 0 vip and just add a port 22 vip for sftp. If I remember correctly it will use the port 22 vip when it matches that port, and the port 0 vip for everything else. The the entire need for the irule goes away.

     

Hans_Schneider2's avatar
Hans_Schneider2
Icon for Nimbostratus rankNimbostratus
Nov 11, 2014

Hi,

 

I can see that the log prints out "FTP TRAFFIC!!" so the iRule works. I have been monitoring the SFTP server with wireshark but I don't see any requests on port 22 reaching the server. Something with the F5 configuration seems to be wrong. Any other ideas?