vvskaladhar_488
Jun 20, 2018

irule help

Hello All,

Currently I am using the below iRule for logging client IPs who use TLSv1 and v1.1 on virtuals.

But our client wants to enable the audit in F5 that will include the IP address and full URL being used by the customers, because we have several sub-URLs, so that we can identify and isolate which Customer/IP/URLs are using TLS 1.0.

Can you please suggest the modification required on this iRule for the above requirement?

    when CLIENTSSL_CLIENTHELLO {
        set virtual_server [LB::server]
        set userip [IP::client_addr]
        set SSL_version [SSL::cipher name]
        set SSL_PROTOCOL [SSL::cipher version]

        if {$SSL_PROTOCOL == "TLSv1"} {
            log local0. "Warning: $userip - $SSL_version - $SSL_PROTOCOL - $virtual_server"
        }
    }

2 Replies

  • Anesh

    try

    when CLIENTSSL_CLIENTHELLO {
        set virtual_server [LB::server]
        set userip [IP::client_addr]
        set SSL_version [SSL::cipher name]
        set SSL_PROTOCOL [SSL::cipher version]

        if {$SSL_PROTOCOL == "TLSv1"} {
            set tlsver1 1
        }
    }

    when HTTP_REQUEST {
        if { $tlsver1 } then {
            log local0. "Warning: Host - [HTTP::host], URI - [HTTP::uri], $userip - $SSL_version - $SSL_PROTOCOL - $virtual_server "
        }
    }
    
  • Anesh

    The below code was tested on 12.1.3

     

    when CLIENTSSL_HANDSHAKE {
        set virtual_server [LB::server]
        set userip [IP::client_addr]
        set SSL_version [SSL::cipher name]
        set SSL_PROTOCOL [SSL::cipher version]

        # Flag the connection so HTTP_REQUEST knows whether to log it.
        # "else" must sit on the same line as the closing brace in Tcl.
        if { $SSL_PROTOCOL == "TLSv1" } {
            set tlsver1 1
        } else {
            set tlsver1 0
        }
    }

    when HTTP_REQUEST {
        # Log host and URI only for connections negotiated with TLSv1.
        if { $tlsver1 } {
            log local0. "Warning: Host - [HTTP::host], URI - [HTTP::uri], $userip - $SSL_version - $SSL_PROTOCOL - $virtual_server"
        }
    }
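
The following is an added example, not code from either poster: it turns the log lines written by the HTTP_REQUEST event above into the per-client, per-URL report the question asks for, and keeps a client-supplied URI from displacing the real IP and protocol fields. The syslog prefix, hosts, pools and addresses are constructed, and the TLSv1.1 sample assumes the iRule comparison has been extended to match that version as well.

```python
import ipaddress
import re
from collections import Counter

# Message layout written by the HTTP_REQUEST log call in the replies above.
# Host and URI come from the client, so the URI group is greedy: the four
# trailing fields are always taken from the end of the line.
LINE_RE = re.compile(
    r"Warning: Host - (?P<host>.*?), URI - (?P<uri>.*), "
    r"(?P<ip>\S+) - (?P<cipher>\S+) - (?P<proto>\S+)\s+-\s*(?P<vs>.*)$"
)
LEGACY = ("TLSv1", "TLSv1.1")

def parse_line(line):
    """Return the audit fields of one log line, or None if it is not ours."""
    m = LINE_RE.search(line.rstrip("\n"))
    if m is None:
        return None
    try:
        # Drop a route-domain suffix such as "%2", if present, then validate.
        ip = str(ipaddress.ip_address(m["ip"].split("%")[0]))
    except ValueError:
        return None
    return {"ip": ip, "proto": m["proto"], "cipher": m["cipher"],
            "url": m["host"].lower() + m["uri"], "vs": m["vs"].strip()}

def audit(lines):
    """Count requests per (client IP, protocol, host+URI) for legacy TLS."""
    counts = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec and rec["proto"] in LEGACY:
            counts[(rec["ip"], rec["proto"], rec["url"])] += 1
    return counts

# Constructed sample lines; the third carries a URI crafted to look like fields.
P = "Jun 20 10:15:01 bigip1 info tmm[11234]: Rule /Common/tls_audit <HTTP_REQUEST>: "
SAMPLE = [
    P + "Warning: Host - shop.example.com, URI - /api/v1/orders?id=7, 203.0.113.10 - AES128-SHA - TLSv1 - /Common/pool_shop",
    P + "Warning: Host - shop.example.com, URI - /api/v1/orders?id=7, 203.0.113.10 - AES128-SHA - TLSv1 - /Common/pool_shop",
    P + "Warning: Host - shop.example.com, URI - /x, 198.51.100.9 - X - TLSv1.2 - fake, 203.0.113.77 - AES256-SHA - TLSv1 - /Common/pool_shop",
    P + "Warning: Host - www.example.com, URI - /login, 198.51.100.4%2 - ECDHE-RSA-AES128-SHA - TLSv1.1 - /Common/pool_www",
    "Jun 20 10:16:00 bigip1 notice mcpd[5000]: unrelated message",
]

if __name__ == "__main__":
    for (ip, proto, url), n in audit(SAMPLE).most_common():
        print(f"{n:4d}  {proto:8s} {ip:15s} {url}")
```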