Manage SFTP with iRule
Hi all,
I have a Virtual Server that listens on every port (0) which it has to do. I want to point my SFTP traffic to different servers based on which customer it is. For HTTP traffic I am looking at the HTTP::header but this is not an option with SFTP traffic. Is it possible to do the same with SFTP somehow?
Right now I'm trying to get one SFTP connection working but it's not successful. I have the following in my iRule:
    when CLIENT_ACCEPTED {
        if { [TCP::local_port] equals 22 } {
            pool OP_22
            log local0. "FTP TRAFFIC!!"
        }
    }
No traffic is reaching the SFTP server.
Yes, an HTTP profile on a non-HTTP protocol will break the connection. The HTTP profile is going to validate that the data meets HTTP specifications, and it will not.
I don't think you can enable/disable/change the HTTP profile in an iRule (I assumed you could when I said it above, but after further research it appears you can't), so a separate port 22 VIP is probably required. I think you can keep your port 0 VIP and just add a port 22 VIP for SFTP. If I remember correctly, it will use the port 22 VIP when it matches that port, and the port 0 VIP for everything else. Then the entire need for the iRule goes away.
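The two-listener layout the reply describes, sketched as BIG-IP configuration stanzas. This is an added example, not configuration posted in the thread: the virtual server names, the 192.0.2.10 address and the iRule name customer_http_routing are assumptions, and only the pool name OP_22 comes from the question.

```tmsh
# Constructed example. Names and addresses are placeholders; OP_22 is the
# pool named in the question.

# Existing wildcard listener: all ports (0), HTTP profile attached so the
# HTTP::header-based customer routing iRule can run.
ltm virtual vs_customer_any {
    destination 192.0.2.10:0
    ip-protocol tcp
    mask 255.255.255.255
    profiles {
        http { }
        tcp { }
    }
    rules {
        customer_http_routing
    }
}

# Added listener for SFTP: same address, port 22 only. No HTTP profile, so
# the SSH byte stream is passed through without HTTP validation, and the
# pool is assigned directly instead of through an iRule.
ltm virtual vs_customer_sftp {
    destination 192.0.2.10:22
    ip-protocol tcp
    mask 255.255.255.255
    pool OP_22
    profiles {
        tcp { }
    }
}
```

With both stanzas loaded, connections to port 22 should increment the counters on vs_customer_sftp rather than on the wildcard listener, which confirms the port-specific listener is the one handling SFTP.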