Deckard_214802
Aug 08, 2015

FTP Proxy Destinations

Hi Geniuses,

 

I am looking for some help. I have used Bhattman's brilliant Proxy iRule and tried to enhance it, but it doesn't work correctly.

 

The Setup:

 

I have some servers that need to use the pool ftp-proxy and some for which I want the iRule as a proxy. This works great. The Bluecoat takes the input of username@domain.com and so does the iRule.

 

The Dilemma:

 

I have 5 application servers that contain 4 applications each. All of them use a script to FTP their jobs. Each application server is a single address. So when I put that address in the data group called proxylist, 2 of the 4 applications break and the other 2 work. However, when I take them out of the proxylist the problem reverses. The 2 that worked break and the 2 that broke now work. So I started to rewrite the iRule so that I can now send based on the destination they are FTPing to.

 

However, in my tests the code is not working correctly. Can the brilliant minds in this forum take a look and tell me where I am going wrong?

 

when CLIENT_ACCEPTED {
     if { [class match [IP::client_addr] eq proxylist ]  } {
          pool ftp-proxy
          # Exit Binary Statement so it bypasses any other events.
          snat none
          set ret 1
          return
        } else {
          # Set exit binary to 0 so we can hit all the events for the iRule FTP functionality
          set ret 0
          TCP::respond "220 Welcome to the Irule Proxy \r\n"
          TCP::collect
        }
}
when CLIENT_DATA {
    if {$ret} {return}
        set ftplogin [TCP::payload]
    if { $ftplogin starts_with "USER" } {
        set dnslookup "8.8.8.8"
        set cuser [TCP::payload]
        scan $ftpuser {%[^@]@%s} blah domainname
        scan $blah %s%s cmd uid
        set ips [RESOLV::lookup @$dnslookup -a $domainname]
        if {$ips eq "" } {
            # Input wasn't an IP address, take some default action?
            reject
        } else { 
            # This is intended to take the domain name entered by the user and see if it matches
            # the datagroup dg-forward-to-proxy.
            # Once it matches, it sends it to the ftp-pool and sets the variable up for the
            # Server Data event.
            if { [class match $domainname eq dg-forward-to-proxy ] } {
                set sendproxy 1
                pool ftp-proxy
                snat none
                return
                }
        TCP::payload replace 0 [TCP::payload length] ""
        set ftp_serv "[lindex $ips 0]"
        node [lindex $ips 0] [TCP::local_port]
        }
    }
    TCP::release
}

when SERVER_CONNECTED {
      if {$ret} {return}
      TCP::collect 20
}

when SERVER_DATA {
    if {$ret} {return}
    log local0. "This is selected"
    set server_data [TCP::payload]
    if { $server_data contains "220" } {
        # This takes the variable created in Client Data and sends the username@domainname to the FTP
        # proxy; otherwise it sends it directly to the FTP server.
        if { $sendproxy } {
            TCP::respond "USER $uid@$ips\r\n"\
        } else {
            TCP::respond "USER $uid\r\n"
        }
        TCP::payload replace 0 [TCP::payload length] ""
    }
    TCP::release
}

-==DECKARD==-