Forum Discussion

peter_hutton's avatar
peter_hutton
Icon for Nimbostratus rankNimbostratus
Mar 06, 2018

FTP from a browser via explicit proxy.

We are using the F5 explicit proxy to proxy our HTTP and HTTPS. This doesn't natively support ftp via the browser. We are using the ftp proxy irule for ftp client based connections from ftp software but this doesn't support proxy connect method.

 

IS it possible to send the type traffic to another vip or port, does anyone know if there is a supported way of doing this.

 

Our bluecoats just work for address type ftp://

 

Thankyou

 

2 Replies

  • Were you able to get an answer for this? I have not been able to make this work from a browser unless I am using a transparent proxy on the F5.

     

  • Ano's avatar
    Ano
    Icon for Nimbostratus rankNimbostratus

    Hi Peter

    I am also trying to solve a same situation, but I can't.

    I'm using HTTP_PROXY_REQUEST on iRule, but HTTP_PROXY_REQUEST can't control the "ftp://".

    Mr.totof said work fine in the case of the "HTTP_REQUEST".

      https://devcentral.f5.com/s/feed/0D51T00006i7RYsSAM

    So, I thought if "HTTP_REQUEST" could control the FTP over HTTP, "HTTP_PROXY_REQUEST" is also could, but couldn't.

    HTTP_PROXY_REQUEST

    https://clouddocs.f5.com/api/irules/HTTP_PROXY_REQUEST.html

    Triggered when a virtual server has proxy-mode explicit set and one of the following two scenarios are true:
    ・the request has a full uri of the form http://hostname:port/path (much like HTTP_REQUEST, but with access to the original uri)
    ・the request is a CONNECT request (e.g. CONNECT hostname:port HTTP/1.1)

    After that, I tried "CLIENT_ACCEPTED" and "CLIENT_DATA" as below.

    when CLIENT_ACCEPTED{
    	TCP::collect
    }
    when CLIENT_DATA{
    	if [ string tolower [TCP::payload 10]] contains "get ftp://" ] {
    		bla bla bla
    		pool test_pool
    		# In my case, I want to transfer other HTTP proxy.
    	}
    }

    But the situation is not changing, BIG-IP response HTTP Status Code 400 again.

    Someone, do you have any ideas?​