ftp iRule question

s3s1277_111291
Nimbostratus

I've used this to capture the FTP username from the TCP payload:

https://devcentral.f5.com/wiki/iRul...gging.ashx

However, is there a way to match the captured username against a datagroup that contains a list of usernames, and decide to route to pool xyz? The datagroup type string in v10 takes a string and a value, while I have a list of usernames only. And can I put that in the CLIENT_DATA event within the same iRule? It doesn't seem to work for me.

 

 


nitass
F5 Employee
I do not think you can use the FTP Session Logging codeshare as a template, because the first SERVER_DATA happens before the first CLIENT_DATA.

e.g.

[root@ve10:Active] config # b virtual bar list
virtual bar {
   snat automap
   pool foo
   destination 172.28.19.252:21
   ip protocol 6
   rules myrule
   profiles {
      ftp {}
      tcp {}
   }
}
[root@ve10:Active] config # b rule myrule list
rule myrule {
   when CLIENT_ACCEPTED {
      log local0. "-"
      TCP::collect 0 0
   }
   when CLIENT_DATA {
      # logs each client segment, then keeps collecting
      log local0. "-"
      log local0. [TCP::payload]
      TCP::release
      TCP::collect
   }
   when SERVER_CONNECTED {
      log local0. "-"
      TCP::collect
   }
   when SERVER_DATA {
      # the server banner (220) arrives here before any CLIENT_DATA
      log local0. "-"
      log local0. [TCP::payload]
      TCP::release
      TCP::collect
   }
}
[root@ve10:Active] config # tail -f /var/log/ltm
Jan 19 16:27:48 local/tmm info tmm[4884]: Rule myrule : -
Jan 19 16:27:48 local/tmm info tmm[4884]: Rule myrule : -
Jan 19 16:27:48 local/tmm info tmm[4884]: Rule myrule : -
Jan 19 16:27:48 local/tmm info tmm[4884]: Rule myrule : 220 (vsFTPd 2.0.5)
Jan 19 16:27:48 local/tmm info tmm[4884]: Rule myrule : -
Jan 19 16:27:48 local/tmm info tmm[4884]: Rule myrule : AUTH GSSAPI
Jan 19 16:27:48 local/tmm info tmm[4884]: Rule myrule : -
Jan 19 16:27:48 local/tmm info tmm[4884]: Rule myrule : 530 Please login with USER and PASS.
Jan 19 16:27:48 local/tmm info tmm[4884]: Rule myrule : -
Jan 19 16:27:48 local/tmm info tmm[4884]: Rule myrule : AUTH KERBEROS_V4
Jan 19 16:27:48 local/tmm info tmm[4884]: Rule myrule : -
Jan 19 16:27:48 local/tmm info tmm[4884]: Rule myrule : 530 Please login with USER and PASS.
Jan 19 16:27:50 local/tmm info tmm[4884]: Rule myrule : -
Jan 19 16:27:50 local/tmm info tmm[4884]: Rule myrule : USER anonymous
Jan 19 16:27:50 local/tmm info tmm[4884]: Rule myrule : -
Jan 19 16:27:50 local/tmm info tmm[4884]: Rule myrule : 331 Please specify the password.
Jan 19 16:27:50 local/tmm info tmm[4884]: Rule myrule : -
Jan 19 16:27:50 local/tmm info tmm[4884]: Rule myrule : PASS
Jan 19 16:27:50 local/tmm info tmm[4884]: Rule myrule : -
Jan 19 16:27:50 local/tmm info tmm[4884]: Rule myrule : 230 Login successful.

 

 

Instead, I think you should use FTP Proxy v10 to proxy the client connection until the username is received.

FTP Proxy v10 by Bhattman

https://devcentral.f5.com/wiki/irules.FTP-Proxy.ashx

e.g.

[root@ve10:Active] config # b virtual bar list
virtual bar {
   snat automap
   destination 172.28.19.252:21
   ip protocol 6
   rules myrule
   profiles {
      ftp {}
      tcp {}
   }
}
[root@ve10:Active] config # b pool foo1 list
pool foo1 {
   members 200.200.200.101:21 {}
}
[root@ve10:Active] config # b pool foo2 list
pool foo2 {
   members 200.200.200.111:21 {}
}
[root@ve10:Active] config # b rule myrule list
rule myrule {
   when CLIENT_ACCEPTED {
      # answer the banner ourselves so the client sends USER before a pool is chosen
      log local0. "-"
      log local0. "220\r\n"
      TCP::respond "220\r\n"
      TCP::collect
   }
   when CLIENT_DATA {
      log local0. "-"
      log local0. [TCP::payload]
      if { [TCP::payload] starts_with "USER" } {
         scan [TCP::payload] {USER%s} cuser
         switch $cuser {
            "garfield" { pool foo1 }
            default { pool foo2 }
         }
         # drop the USER line here; it is replayed to the server in SERVER_DATA
         TCP::payload replace 0 [string length [TCP::payload]] ""
         TCP::release
         return
      }
      # anything before USER (AUTH etc.) is answered locally; no server is connected yet
      TCP::payload replace 0 [string length [TCP::payload]] ""
      log local0. "530 Please login with USER and PASS.\r\n"
      TCP::respond "530 Please login with USER and PASS.\r\n"
   }
   when SERVER_CONNECTED {
      log local0. "-"
      # log the selected pool member (port via TCP::remote_port)
      log local0. "client [IP::client_addr]:[TCP::client_port] server [IP::remote_addr]:[TCP::remote_port]"
      TCP::collect
   }
   when SERVER_DATA {
      log local0. "-"
      log local0. [TCP::payload]
      if { [TCP::payload] starts_with "220" } {
         # swallow the real banner (the client already got one) and replay USER
         TCP::respond "USER $cuser\r\n"
         TCP::payload replace 0 [string length [TCP::payload]] ""
      }
      TCP::release
   }
}

anonymous
[root@centos251 ~]# ftp 172.28.19.252
Connected to 172.28.19.252.
220
530 Please login with USER and PASS.
530 Please login with USER and PASS.
KERBEROS_V4 rejected as an authentication type
Name (172.28.19.252:root): anonymous
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
227 Entering Passive Mode (172,28,19,252,122,137)
150 Here comes the directory listing.
drwxr-xr-x    2 0        0            4096 May 30  2011 pub
226 Directory send OK.
[root@ve10:Active] config # tail -f /var/log/ltm
Jan 19 17:14:52 local/tmm info tmm[4884]: Rule myrule : client 172.28.19.251:44457 server 200.200.200.111:0

garfield
[root@centos251 ~]# ftp 172.28.19.252
Connected to 172.28.19.252.
220
530 Please login with USER and PASS.
530 Please login with USER and PASS.
KERBEROS_V4 rejected as an authentication type
Name (172.28.19.252:root): garfield
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
227 Entering Passive Mode (172,28,19,252,193,201)
150 Here comes the directory listing.
226 Directory send OK.
[root@ve10:Active] config # tail -f /var/log/ltm
Jan 19 17:15:35 local/tmm info tmm[4884]: Rule myrule : client 172.28.19.251:44459 server 200.200.200.101:0
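The following is an added example (not nitass's iRule nor the FTP Proxy codeshare) that covers the datagroup part of the original question: the same proxy pattern, but the pool is chosen with v10's class match against a key-only string datagroup of usernames. The datagroup name ftp_xyz_users and the pool names pool_xyz and pool_default are assumed. The decision is made on the username the client claims before it has authenticated, so this selects a backend but is not an access control.

```tcl
# Added example (not nitass's or the codeshare's code). Assumed names:
# string datagroup ftp_xyz_users (keys are usernames, no values),
# pools pool_xyz and pool_default.
when CLIENT_ACCEPTED {
    # Send our own banner so the client issues USER before any pool is chosen.
    TCP::respond "220\r\n"
    TCP::collect
}
when CLIENT_DATA {
    set line [TCP::payload]
    # FTP commands are case-insensitive; starts_with "USER" alone is not.
    if { [string toupper [string range $line 0 3]] equals "USER" } {
        # scan returns the number of conversions: 0 for a bare "USER\r\n",
        # which would otherwise leave $cuser unset and error out below.
        if { [scan $line {USER%s} cuser] != 1 } {
            TCP::payload replace 0 [TCP::payload length] ""
            TCP::respond "501 Syntax error in parameters or arguments.\r\n"
            return
        }
        # Key-only string datagroup: class match returns 1 if $cuser is listed.
        if { [class match $cuser equals ftp_xyz_users] } {
            set target pool_xyz
        } else {
            set target pool_default
        }
        pool $target
        log local0. "ftp user $cuser from [IP::client_addr] -> $target"
        # Drop the USER line here; it is replayed to the server after its banner.
        TCP::payload replace 0 [TCP::payload length] ""
        TCP::release
        return
    }
    # Anything sent before USER (AUTH, FEAT, ...) is answered locally because
    # no server is connected yet.
    TCP::payload replace 0 [TCP::payload length] ""
    TCP::respond "530 Please login with USER and PASS.\r\n"
}
when SERVER_CONNECTED {
    TCP::collect
}
when SERVER_DATA {
    # Swallow the real banner (the client already has one) and replay USER.
    # Assumes a single-line "220 ..." banner, as the codeshare does.
    if { [TCP::payload] starts_with "220" } {
        TCP::payload replace 0 [TCP::payload length] ""
        TCP::respond "USER $cuser\r\n"
    }
    TCP::release
}
```

Populate ftp_xyz_users with the usernames as keys only (no value is needed for class match to return true), and the same datagroup can be extended without touching the iRule.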

s3s1277_111291
Nimbostratus
Thank you very much. This worked great.