FTP reverse-proxy

Question

Has anyone tried to use F5 (v9) as an FTP reverse proxy? 
&nbsp; We use F5 as a reverse-proxy for HTTP and would like to cover FTP traffic as well (validating the L5-L7 traffic to confirm that it is really FTP). 
&nbsp;  
&nbsp; Have there been any FTP-specific iRule command-sets defined (similar in functionality to to the HTTP:: commands). 
&nbsp;  
&nbsp; Ideally such FTP command-set would: 
&nbsp; - support both passive and active FTP (while F5 acts as a full application-layer FTP proxy) 
&nbsp; - analyse/validate FTP application traffic across both FTP sessions (control and data) 
&nbsp; - have an ability to limit FTP commands that can be used for certain FTP directories (eg. if a directory is read-only - only "ls", "get" and "mget" should be allowed) 
&nbsp; - proxy the user authentication to the end-server while providing filtering (eg. in some cases a user "anonymous" should be blocked at the proxy level)

brian_gupta_115 · Answer

I don't think so. But I am interested in this as well. -Brian

brian_gupta_115 · Answer

I got FTP reverse proxy working.. using the standard FTP profile (supports active and passive, no iRule needed) The authentication is done at the backend by default.&nbsp;
&nbsp;Some of iRule functionality you want, IE: filtering, I can help you with.&nbsp;
&nbsp;As for validating whether it is actual FTP traffic, what are you concerned about? (Give me an example of non-ftp traffic that you would want to block)&nbsp;
&nbsp;The ability to limit commands can probably be done but it is probably more than I want to bite off.&nbsp;
&nbsp;Feel free to contact me if you need any help.&nbsp;
&nbsp;Cheers,
&nbsp;Brian

michael_woods_5 · Answer

Hey brandorr,&nbsp;
&nbsp;What did you do to get the reverse-proxy working using profiles?&nbsp;
&nbsp;Thanks and Happy New Year,
&nbsp;Mike

Forum Discussion

FTP reverse-proxy

3 Replies

Recent Discussions

F5Access | MacOS Sonoma

enable tls1.2 on management interface on F5 ltm running version 10.x

[ASM] - what is "Browser Challenge file" ?

SMS server with BIGIP

F5 terminal - help to run commands - disk space full

Related Content

F5 Reverse Proxy setup

Troubleshooting Lync/Skype for Business Reverse Proxy

Setup a Reverse Proxy that redirects to internal port

Reverse Proxy With Basic SSO

F5 SSL Offload behind Nginx Reverse Proxy