Hurting eyes, could someone check this?

Question

Hey all, 
&nbsp;   Running 9.0.5, I have these rules in place:&nbsp;
&nbsp;rule cyclone_ftp_hhtp_request {
&nbsp;   when HTTP_REQUEST {
&nbsp; if { [HTTP::uri] contains "ftp" } {
&nbsp; node 192.168.250.144
&nbsp;  }
&nbsp; else {
&nbsp; pool cycloneprod
&nbsp; }
&nbsp; }
&nbsp;}
&nbsp;rule cyclone_test {
&nbsp;   when CLIENT_ACCEPTED {
&nbsp; if { [IP::protocol] == 21 } {
&nbsp; node 192.168.250.128
&nbsp; }
&nbsp; else {
&nbsp; pool cyclonetest
&nbsp; }
&nbsp; }
&nbsp;}
&nbsp;rule cyclone_FTP {
&nbsp;   when CLIENT_ACCEPTED {
&nbsp; if { [IP::protocol] == 21 } {
&nbsp; node 192.168.250.144
&nbsp; }
&nbsp; else {
&nbsp; pool cycloneprod
&nbsp; }
&nbsp; }
&nbsp;}&nbsp;
&nbsp;On a round robin LB, the ftp connection request, are still load balancing instead of going directly to the nodes. Is there a different method you guys would recommend for this?&nbsp;
&nbsp;Thanks in advance for the help!

colin_walker_12 · Answer

Well, it looks like you're using the IP::protocol command where you'd probably want to use something closer to TCP::client_port
The IP::protocol command doesn't return the port address of the transfer protocol you're using, it returns the actual value of the protocol field.
There's a decent list of them here: Click here
So, you'd want to change your two FTP rules to look more like:
when CLIENT_ACCEPTED {
  if { [TCP::client_port] == 21 } {
    node 192.168.250.128
  } else {
    pool cyclonetest
  }
}
And:
when CLIENT_ACCEPTED {
  if { [TCP::client_port] == 21 } {
    node 192.168.250.144
  } else {
    pool cycloneprod
  }
}
HTH,
-Colin

dafydd__rhys-jo · Answer

Thank you, but wouldn't that be based off of the client that is connecting? If so, the client port can be any port number. The server port is 21.

unruley_95363 · Answer

Yeah, you'll want to use [TCP::local_port]!

dafydd__rhys-jo · Answer

What about [TCP::server_port]?

jrahm · Answer

that will work on the clientside events, and it might work on serverside events, depending on whether you are using standard ports or not

Forum Discussion

Hurting eyes, could someone check this?

6 Replies

Recent Discussions

Create a CSR and Key using the BigIP LTM GUI when renewing a certificate

F5 Rseries HA

Error when running bigip_command Playbook against LTM : Syntax Error: unexpected argument /bin/sh\n

Can iRule be used to perform exception of IPI category based on Geolocation

Can iRule mask the payload content on event logs of security

Related Content

iRule Shenanigans - My Brain hurts

MOVEit FortiGate, someone is Rowhammering the door - July 2-8 2023 - F5 SIRT This Week in Security

Mining JavaScript Events for Fun & (Preventing Someone Else’s) Profit

You’ll Shoot Your Eye Out…

Trying to Envision the Future through Eyes of Today