How to do the following in a permissible way?

Question

when CLIENTSSL_HANDSHAKE {  &nbsp;
   SSL::collect  &nbsp;
}  &nbsp;
when CLIENTSSL_DATA {  &nbsp;
  set chan [open my.log a]  &nbsp;
  puts $chan [SSL::payload]  &nbsp;
  close $chan  &nbsp;
  SSL::release  &nbsp;
}    &nbsp;
This irule gives me the following error:&nbsp;
error: [command is disabled: "open"][open my.log a]&nbsp;
I was led to believe this could/should be done via iControl. Any help would be appreciated.&nbsp;

kevin_stewart · Answer

Generally speaking, you can't perform file-level access routines directly from an iRule. All of the TCL I/O functions have been disabled for the sake of performance and security. You can however dump to syslog:
log local0. [SSL::payload]

Or you can do the same with High Speed Logging (HSL). You could also perform a sideband call to a remote server. HSL will be the fastest option and sideband will create the greatest latency. There are of course other, less "supported", ways of bridging between the data plane (iRules) and the management plane (file system), but these are probably your best options.

Forum Discussion

How to do the following in a permissible way?

1 Reply

ICYMI - Steve Wozniak at AppWorld 2026

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

Connections appear not to use Persistence

LB Connection Limit Detection Method

Partially reachabilty issues with VS in F5OS tenant

Forward proxy with SSL passthrough - SWG license required?

Need step-by-step guidance for migrating BIG-IP i2800 WAF to rSeries (UCS restore vs clean build)

Related Content

File Permissions Errors When Installing F5 Application Study Tool? Here’s Why.

Insufficient permissions BIG-IQ login error

Five Ways to Automate F5OS with Ansible: A Practical Guide

How I did it - “Delivering Kasm Workspaces three ways”

Simple Sideband - iRule sideband the easy way

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS