Restrict FTP access to requests on hostname.

Question

At this moment access to our http and https sites is restricted to the hostname, this way access via IP address is no longer possible. This is done using the policies under Local Traffic / Virtual Servers. The intention is to restrict access to the FTP servers in the same way. I would like to create something in the style like the HTTP policy rule&nbsp;
"http-host host equals www.site.com  forward select pool /Common/www-site-com-http"&nbsp;
This rule was generated after the upgrade where HTTP-Class was replaced by policies.&nbsp;
Anyone a suggestion ?&nbsp;

kai_wilke · Answer

Hi Willy,&nbsp;
FTP in its classic form does not support HOST-headers like HTTP does. &nbsp;
But a new RFC has been developed by Microsoft and was published in March 2014, with an added HOST-command extension (see RFC7151/Cap.3).&nbsp;
Unfortunately is the support for this RFC not widely spreaded yet. So that it would strongly depend on the FTP clients and servers you're going to use.&nbsp;
Beside of the client/server support. F5 doesn't have an explicit support for any FTP command. So you have to parse the FTP control-channel with homegrown iRules to filter out connection attemps using missing or mismatching HOST-names. &nbsp;
https://tools.ietf.org/html/rfc7151&nbsp;
Cheers, Kai&nbsp;

Forum Discussion

Restrict FTP access to requests on hostname.

1 Reply

Recent Discussions

how can I find the software version is 32 bit or 64 bit from LTM 15.1.10.4

(How) can I get two client certificates in one APM session?

Open Redirection Mitigation

Using okta as SSO to login F5 GUI

snmp automatic stop mail send

Related Content

Office 365 Tenant Restrictions

SSL Orchestrator Advanced Use Cases: Enabling GCloud Organization Restrictions

Distributed caching of authentication requests with NGINX Ingress Controller

Logging DNS Requests

F5 iRule Geolocation restriction