Forum Discussion

Chetan_Puri_368
Mar 01, 2019

SSL information wants to see on server

Hi team,

Can someone help me with the iRule? The client wants to see the user's SSL details on the server when a user makes an HTTPS connection to the website (User --> F5 --> Server).

 

3 Replies

  • You could make use of High Speed Logging (HSL) to send SSL connection information to a syslog server

    1) Create a pool containing the syslog server

    tmsh create ltm pool HSL-POOL-514 members add { :514 }

    2) Create an iRule which uses HSL to send SSL connection information to a syslog server

    when CLIENT_ACCEPTED {
        # Open an HSL handle to the syslog pool for this connection
        set hsl [HSL::open -proto UDP -pool HSL-POOL-514]
    }
    
    when HTTP_REQUEST {
        # Save the request details; they are logged in HTTP_RESPONSE
        set HOST [HTTP::host]
        set METHOD [HTTP::method]
        set URI [HTTP::uri]
        set HTTP_VERSION [HTTP::version]
    }
    
    when CLIENTSSL_HANDSHAKE {
        # Protocol version and cipher negotiated with the client
        set SSL_VERSION [SSL::cipher version]
        set SSL_CIPHER [SSL::cipher name]
    }
    
    when HTTP_RESPONSE {
        # <190> is the syslog priority for facility local7, severity info
        HSL::send $hsl "<190> SSL Version: $SSL_VERSION, SSL Cipher: $SSL_CIPHER, Source: [IP::client_addr]:[TCP::client_port], Destination: [clientside {IP::local_addr}]:[clientside {TCP::local_port}], Pool Member: [IP::server_addr]:[TCP::server_port], Host: $HOST, $METHOD $URI HTTP/$HTTP_VERSION, Status: [HTTP::status]"
    }
    

    An example of a log line you will see:

    11-13-2017        21:47:38        Local7.Info        192.168.1.252         SSL Version: TLSv1.2, SSL Cipher: DHE-RSA-AES256-GCM-SHA384, Source: 192.168.1.124:45886, Destination: 192.168.1.100:443, Pool Member: 172.24.32.11:80, Host: www.example.com, GET /index.html HTTP/1.1, Status: 200
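
A parser for the log line format above, written as an added example (not part of the original reply and not F5 code), that flags connections negotiated with deprecated protocol versions or weak ciphers. The version and cipher lists are this example's own policy assumption, and the second and third sample lines are constructed.

```python
import re

# Message layout emitted by the HSL::send call in the iRule above.
# Host and URI are client-supplied, so the pattern is anchored on the end of
# the line and the URI group is greedy: the last " HTTP/x, Status: nnn" wins.
LINE_RE = re.compile(
    r"SSL Version: (?P<version>[^,]+), SSL Cipher: (?P<cipher>[^,]+), "
    r"Source: (?P<source>[^,]+), Destination: (?P<destination>[^,]+), "
    r"Pool Member: (?P<pool_member>[^,]+), Host: (?P<host>[^, ]*), "
    r"(?P<method>\S+) (?P<uri>.*) HTTP/(?P<http_version>[\d.]+), "
    r"Status: (?P<status>\d{3})\s*$"
)

# Assumed policy for this example, not taken from the thread.
DEPRECATED_VERSIONS = {"SSLv3", "TLSv1", "TLSv1.1"}
WEAK_CIPHER_TOKENS = {"RC4", "DES", "NULL", "EXP", "MD5"}

def parse_line(line):
    """Return the logged fields as a dict, or None if the line does not match."""
    match = LINE_RE.search(line)
    return match.groupdict() if match else None

def findings(record):
    """List the policy violations for one parsed record."""
    issues = []
    if record["version"] in DEPRECATED_VERSIONS:
        issues.append("deprecated protocol " + record["version"])
    if WEAK_CIPHER_TOKENS & set(record["cipher"].upper().split("-")):
        issues.append("weak cipher " + record["cipher"])
    return issues

def audit(lines):
    """Return ([(source, issues), ...], unparsed_count) for a batch of lines."""
    flagged, unparsed = [], 0
    for line in lines:
        record = parse_line(line)
        if record is None:
            unparsed += 1
        elif findings(record):
            flagged.append((record["source"], findings(record)))
    return flagged, unparsed

# First line is the sample from the reply; the other two are constructed.
SAMPLE_LINES = [
    "11-13-2017 21:47:38 Local7.Info 192.168.1.252 SSL Version: TLSv1.2, SSL Cipher: DHE-RSA-AES256-GCM-SHA384, Source: 192.168.1.124:45886, Destination: 192.168.1.100:443, Pool Member: 172.24.32.11:80, Host: www.example.com, GET /index.html HTTP/1.1, Status: 200",
    "11-13-2017 21:47:39 Local7.Info 192.168.1.252 SSL Version: TLSv1, SSL Cipher: RC4-SHA, Source: 192.0.2.10:50122, Destination: 192.0.2.1:443, Pool Member: 198.51.100.5:80, Host: www.example.com, GET /login?next=/a,b HTTP/1.1, Status: 302",
    "11-13-2017 21:47:40 Local7.Info 192.168.1.252 unrelated syslog message",
]
```

Lines that do not match the layout are counted rather than dropped silently, since a change to the iRule's format string would otherwise hide every connection from the audit.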

  • Sir,

    I need this /CN=Name/OU=UNIT/O=ORG/C=US of the client certificate in an HTTP header when we are sending this to the server.