Stanislas_Piro2
Jun 19, 2018 · Cumulonimbus
You can use code like this:
when CLIENTSSL_CLIENTHELLO {
    set virtual_server [LB::server]
    set userip [IP::client_addr]
    set SSL_version [SSL::cipher name]
    set SSL_PROTOCOL [SSL::cipher version]
    # Extension type 0 is server_name (SNI). Its first 9 bytes are header
    # fields (type, lengths, name type), so the hostname starts at offset 9.
    set TLS_ServerName [expr {[SSL::extensions exists -type 0] ? [string range [SSL::extensions -type 0] 9 end] : ""}]
    log local0. $TLS_ServerName
    # Reject TLSv1 clients unless they connect from 192.168.1.0/24.
    if {$SSL_PROTOCOL == "TLSv1" && ![IP::addr [IP::remote_addr] equals 192.168.1.0/24]} {
        log local0. "Warning: $userip - $SSL_version - $SSL_PROTOCOL - $virtual_server - $TLS_ServerName"
        reject
    } else {
        log local0. "Informational: $userip - $SSL_version - $SSL_PROTOCOL - $virtual_server - $TLS_ServerName"
    }
}
The TLS_ServerName variable contains the value of the Servername extension. This extension may contain the hostname of the request!
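The `string range ... 9 end` in the iRule above skips the fixed 9-byte header of the server_name extension and takes whatever follows, and that value is client-controlled and written to the log. As an added example (not part of the original post), a hypothetical Tcl helper `sni_from_extension` checks the length fields against the bytes present and restricts the hostname to a safe character set before it is used; the sample inputs are constructed.

```tcl
# Added example: hypothetical helper, not code from the original post.
# Input: the raw server_name extension including its 4-byte extension header,
# the form that "string range ... 9 end" in the post assumes.
# Returns the lower-cased hostname, or "" if the structure is malformed.
proc sni_from_extension {ext} {
    set total [string length $ext]
    # Layout (RFC 6066):
    #   ext_type(2) ext_len(2) list_len(2) name_type(1) name_len(2) name
    if {$total < 10} { return "" }
    if {[binary scan $ext SSScS ext_type ext_len list_len name_type name_len] != 5} {
        return ""
    }
    # "S" yields signed 16-bit values; mask them to unsigned.
    set ext_type [expr {$ext_type & 0xffff}]
    set ext_len  [expr {$ext_len  & 0xffff}]
    set list_len [expr {$list_len & 0xffff}]
    set name_len [expr {$name_len & 0xffff}]
    # Only extension type 0 with name type 0 (host_name) is accepted.
    if {$ext_type != 0 || $name_type != 0} { return "" }
    # Every length field must agree with the bytes actually present.
    if {$ext_len != $total - 4 || $list_len != $ext_len - 2} { return "" }
    if {$name_len < 1 || $name_len + 3 > $list_len} { return "" }
    set name [string range $ext 9 [expr {8 + $name_len}]]
    # The value is client-controlled: allow hostname characters only, so
    # control characters and newlines never reach a log line.
    if {![regexp {^[A-Za-z0-9._-]+$} $name]} { return "" }
    return [string tolower $name]
}

# Constructed sample inputs (not captured traffic).
proc make_sni_ext {host} {
    set n [string length $host]
    return [binary format SSScSa* 0 [expr {$n + 5}] [expr {$n + 3}] 0 $n $host]
}

set good      [make_sni_ext "WWW.Example.com"]
set truncated [string range $good 0 11]
set injected  [make_sni_ext "a.example\nWarning: forged entry"]

puts "well-formed: '[sni_from_extension $good]'"
puts "truncated:   '[sni_from_extension $truncated]'"
puts "injected:    '[sni_from_extension $injected]'"
```

The block runs under plain `tclsh`; inside an iRule the proc would be invoked with `call`, for example `[call sni_from_extension [SSL::extensions -type 0]]`.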