Forum Discussion

vvskaladhar_488's avatar
vvskaladhar_488
Icon for Nimbostratus rankNimbostratus
8 years ago
Solved

Irule for restricting selected ips for NOT USING TLSV1 and 1.1

Hello All, I have requirement of use an iRules in F5 to enable TLS V1.0 and 1.1 only for Selected IP addresses or IP ranges. and enable only TLS 1.2 for all remaining . I have tried the irule below...
application delivery
irules
security
AceDawg_204810's avatar
AceDawg_204810
Icon for Cirrus rankCirrus
8 years ago

Looks like the syntax may be slightly off. Try this:

{ if { [matchclass [IP::client_addr] contains TLSV1.0_1.1_Disable ]}

Check the following solution article for examples on referencing data groups in IRules:

https://support.f5.com/csp/article/K3386

  • vvskaladhar_488's avatar
    vvskaladhar_488
    Icon for Nimbostratus rankNimbostratus
    8 years ago

    Thanks you so much for the help on this. i am able to add the irule as below and waiting for the confirmation form the client to say ready for testing. below is the irule by taging to the vip kaladhar.abc.com.

    when CLIENT_ACCEPTED {

    if { [matchclass [IP::client_addr] contains TLSV1.0_1.1_Disable ]} {

    SSL::profile kaladhar.abc.com_TLS_Disable

    } else {

    SSL::profile kaladhar.abc.com

    }

    }