Source IP details accessing TLSv1

Question

Hello All,&nbsp;
can you please let me know how to identify  Source ip or end user IP (External ) accessing TLSv1  on the VIP ? Please let me know if there is any irule  that can be configured and tested.&nbsp;

youssef1 · Answer

Hi.&nbsp;
Can you tell me in which version you are ?&nbsp;

vvskaladhar_488 · Answer

Hi 
bellow is the version and hotfix
BIG-IP 11.5.1 Build 10.0.180 Hotfix HF10&nbsp;

youssef1 · Answer

Can you try:
when CLIENTSSL_CLIENTHELLO {
set userip [IP::client_addr]
set SSL_version [SSL::cipher name]
set SSL_PROTOCOL [SSL::cipher version]

if {$SSL_PROTOCOL == "TLSv1"} {

log local0. "Warning: $userip - $SSL_version - $SSL_PROTOCOL"

}
}

Keep me in touch...

vvskaladhar_488 · Answer

Hi ,&nbsp;
I have added this irule and i will be tagging this to a required VIP.  will it save logs to any specific folder or do i need to collect all the logs form filter them form var/log folder ?&nbsp;
log local0. "Warning: $userip - $SSL_version - $SSL_PROTOCOL"&nbsp;

youssef1 · Answer

This logs are saved in /var/log/ltm.&nbsp;
You can also send logs in a syslog server. It's more simple for search or filter some logs...&nbsp;
How I can help you &nbsp;

Forum Discussion

Source IP details accessing TLSv1

6 Replies

Recent Discussions

Chrome V 124+ on MacOS - Virtual Server Access Issue

F5Access | MacOS Sonoma

Transaction looks successful but file not downloading

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

F5 Access Guard Deprecated: ZTA APM

Related Content

ASN Details

iRule to log traffic details

Federated AWS Console Access Made Easy: F5 BIG-IP Access Policy Manager Access Guided Configurations

Traffic Policies: More detailed information on Actions

How to ensure source address and source port are accepted and traversed properly via F5 SNAT automap