Bug ID 1216345: The command FTP::disable was not working as intended

Last Modified: Jan 20, 2023


Affected Product:
BIG-IP TMOS (all modules)

Known Affected Versions:
14.1.0, 14.1.0.1, 14.1.0.2, 14.1.0.3, 14.1.0.5, 14.1.0.6, 14.1.2, 14.1.2.1, 14.1.2.2, 14.1.2.3, 14.1.2.4, 14.1.2.5, 14.1.2.6, 14.1.2.7, 14.1.2.8, 14.1.3, 14.1.3.1, 14.1.4, 14.1.4.1, 14.1.4.2, 14.1.4.3, 14.1.4.4, 14.1.4.5, 14.1.4.6, 14.1.5, 14.1.5.1, 14.1.5.2, 14.1.5.3, 15.1.0, 15.1.0.1, 15.1.0.2, 15.1.0.3, 15.1.0.4, 15.1.0.5, 15.1.1, 15.1.2, 15.1.2.1, 15.1.3, 15.1.3.1, 15.1.4, 15.1.4.1, 15.1.5, 15.1.5.1, 15.1.6, 15.1.6.1, 15.1.7, 15.1.8, 15.1.8.1, 16.1.0, 16.1.1, 16.1.2, 16.1.2.1, 16.1.2.2, 16.1.3, 16.1.3.1, 16.1.3.2, 16.1.3.3

Opened: Jan 05, 2023
Severity: 3-Major

Symptoms

Although the FTP::disable command is used in an iRule with the CLIENT_ACCEPTED event, it does not bypass FTP processing. When FTP::disable runs in the CLIENT_ACCEPTED event, the server-side flow has not been created yet. The passthru flag is set on the client-side flow. When the server-side flow is created, the passthru flag is not set on it unless this is an SSL connection with forward bypass enabled.

Impact

Unnecessary FTP processing is applied to traffic even though FTP::disable is specified in the configuration.

Conditions

1) Configure an FTP profile in the Virtual Server configuration.
2) Configure FTP::disable in an iRule with the CLIENT_ACCEPTED event.

Workaround

Use the FTP::disable command in both the CLIENT_ACCEPTED and the SERVER_CONNECTED events. Following is an example:

    when CLIENT_ACCEPTED {
        if { [TCP::local_port] == 50000 } {
            FTP::disable
        }
    }
    when SERVER_CONNECTED {
        if { [TCP::remote_port] == 50000 } {
            FTP::disable
        }
    }
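To find iRules that still need this workaround, the following added example (not F5 code) flags any iRule that calls FTP::disable in CLIENT_ACCEPTED but not in SERVER_CONNECTED. The function names and the sample iRules are constructed for illustration; it assumes braces inside each `when` block are balanced and does not check the BIG-IP version or whether an FTP profile is attached.

```python
import re

# Constructed sample iRules (not taken from any real configuration).
AFFECTED = """
when CLIENT_ACCEPTED {
    if { [TCP::local_port] == 50000 } {
        FTP::disable
    }
}
"""

WORKAROUND = AFFECTED + """
when SERVER_CONNECTED {
    if { [TCP::remote_port] == 50000 } {
        FTP::disable
    }
}
"""

def event_bodies(irule):
    """Map each event name to the concatenated bodies of its 'when' blocks."""
    bodies = {}
    # Allow modifiers such as 'priority 500' between the event name and '{'.
    for m in re.finditer(r"^\s*when\s+(\w+)[^{\n]*\{", irule, re.MULTILINE):
        depth, i = 1, m.end()
        while i < len(irule) and depth:  # walk to the matching closing brace
            depth += {"{": 1, "}": -1}.get(irule[i], 0)
            i += 1
        bodies[m.group(1)] = bodies.get(m.group(1), "") + irule[m.end():i - 1]
    return bodies

def strip_comments(body):
    """Drop whole-line Tcl comments so a commented-out call is not counted."""
    return re.sub(r"^\s*#.*$", "", body, flags=re.MULTILINE)

def needs_workaround(irule):
    """True when FTP::disable is in CLIENT_ACCEPTED but not in SERVER_CONNECTED."""
    bodies = {ev: strip_comments(b) for ev, b in event_bodies(irule).items()}
    in_client = "FTP::disable" in bodies.get("CLIENT_ACCEPTED", "")
    in_server = "FTP::disable" in bodies.get("SERVER_CONNECTED", "")
    return in_client and not in_server

if __name__ == "__main__":
    for name, rule in (("AFFECTED", AFFECTED), ("WORKAROUND", WORKAROUND)):
        print(name, "needs workaround:", needs_workaround(rule))
```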

Fix Information

None

Behavior Change