Forum Discussion

jk20004_44080

Nimbostratus

Oct 05, 2018

best way to reject SSL Connections

We use IPI and we drop the requests via iRule because we cannot use ASM at every VS. today we reject the connect in then CLIENT_ACCEPTED but the result is a SSL Handshake failed for TCP xxx.xx...

Cumulonimbus

Oct 06, 2018

You are getting SSL error as the CLIENT_ACCEPTED event is triggered once the TCP connection has been established so the client has likely already sent the SSL Client Hello before being rejected.

Personally if this is for security and public I would drop the connection instead of rejecting it. These will mean the client TCP connection will timeout.

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

best way to reject SSL Connections

Security Best Practices for F5 Products

F5 AppWorld 2026 Registration - early bird pricing.

Kostas Injeyan - October 2025 Featured Member

Recent Discussions

NGINX event logs send to F5 Data Collection Device and analysis from BIG-IQ it possible or not?

Cannot ping external interface

Dump all host running services during APM logon

Failed to execute iptable cmd: ," CMD="iptables -A SSH_ALLOW_RULES error

HA Failover between two Datacenters

Related Content

Site-to-Site Connectivity in F5 Distributed Cloud Network Connect – Reference Architecture

DevCentral Connects Recap: Open Finance, APIs, AI & Security

iRule rejects connections but there is no reject command

Trouble redirecting on APM rejection.

AWS Transit Gateway Connect: GRE + BGP = ?

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS