Multiple RDP endpoints using the same source port number

Hi, Im wondering if the following is possible.

We have two different RDP servers that do different functions so are classed as different backends but use the same source port 3389.Is it possible to split these with an ACL at the frontend using something like the destination computer name and direct them to the relevant backend?

For example two RDP endpoints are and, both using the default 3389 port

frontend rdp
bind :3389
acl is-rdp1 if the endpoint is
acl is-rdp2 if the endpoint is
use backend rdp1 if is-rdp1
use backend rdp2 if is-rdp2

backend rdp1
server rdp-1

backend rdp2
server rdp-2

I need the ACL to identify the RDP server address.

Thanks in advance


I’he the same problem, this is test config but not work’s !!!

frontend RDP
mode tcp
bind *:3389
timeout client 1h
tcp-request inspect-delay 5s
tcp-request content accept if RDP_COOKIE

#acl acl_rdp_rdp1 hdr_dom(host) -i test1.rdp
#use_backend rdp1 if acl_rdp_pere

#acl acl_rdp_test1 hdr_dom(host) -i test1.rdp
#use_backend test1.rdp if acl_rdp_test1

#acl acl_rdp_tserver hdr(host) -i test1.rdp
#acl acl_rdp_tserver hdr_dom(host) -i test1.rdp
acl acl_rdp_tserver path_beg -i test1.rdp
use_backend rdp_tserver if acl_rdp_tserver

none ot these acls is met, why ?

I need use req.payload ?


Because RDP is not HTTP. The configuration above matches the HTTP header “Host” or a HTTP path and compares it with a string.

But RDP is a different protocol, so HTTP rules don’t apply. You probably also get configuration warnings with this, as the front and backend must be in TCP mode.

I’m not sure RDP contains a hostname anywhere in the protocol handshake, so I don’t think this is possible.

Is it possible to identify this rdp traffic? Like with

use_backend ssh if !{ req.ssl_hello_type 1 } { payload(0,7) -m bin 5353482d322e30