For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

FTPS_SSL_ Termination

Problem this snippet solves: This iRule is meant to act as a full FTPS termination rule that behaves similarly to HTTPS termination. It forces either an implicit (port 990 by default) or explicit (p...
Published Mar 17, 2015
Version 1.0
application delivery
devops
iRules
security
steffen's avatar
steffen
Icon for Nimbostratus rankNimbostratus
Oct 13, 2022

Hey @bob_ziuchkovsk1
thanks for your FTPS iRule

There are still a few small things that need to be adjusted to make it work.

1. The same variable again "static::pasv_max_port" is incorrect it is already in use.
2. To use this iRule on multiple virtual servers it needs a little more dynamic.

 

 # -- REMOVE OLD --

 # Vserver IP to advertise for incoming PASV data channel connections
 # NOTE: the commas are NOT a typo.  This is the format used by FTP protocol
 set static::pasv_max_port "10,0,0,46"


 # -- ADD (under "when CLIENTSSL_DATA" ) --

 # uses the known virtual server ip address (client context)
 set static::vserverip [IP::local_addr]
 set static::vserverip_comma [string map {. ,} $static::vserverip]



 # -- CHANGE ( under "when SERVER_DATA" ) --

 # respoding the virtual server ip address
 set pasv_response "227 Entering Passive Mode ($static::vserverip_comma,$our_pasv_str)\r\n"

 

Tested this on Version: 16.1