For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

vvskaladhar_488's avatar
vvskaladhar_488
Icon for Nimbostratus rankNimbostratus
Jun 22, 2018
Solved

Irule for restricting selected ips for NOT USING TLSV1 and 1.1

Hello All, I have requirement of use an iRules in F5 to enable TLS V1.0 and 1.1 only for Selected IP addresses or IP ranges. and enable only TLS 1.2 for all remaining . I have tried the irule below...
application delivery
iRules
security
  • kcrawford4597_1's avatar
    kcrawford4597_1
    Jun 27, 2018

    matchclass ...

    Note: matchclass has been deprecated in v10 in favor of the new commands. The class command offers better functionality and performance than matchclass.

    Inserting the appropriate class command into this iRule would look something like this:

    when CLIENT_ACCEPTED {
    if { [class match [IP::client_addr] equals TLSV1.0_1.1_Enable ]} {
        SSL::profile example_profile_enable_weak_TLS
    } else {
        SSL::profile example_profile_disable_weak_TLS
    }
}
kcrawford4597_1's avatar
kcrawford4597_1
Historic F5 Account
Jun 27, 2018

matchclass ...

Note: matchclass has been deprecated in v10 in favor of the new commands. The class command offers better functionality and performance than matchclass.

Inserting the appropriate class command into this iRule would look something like this:

when CLIENT_ACCEPTED {
    if { [class match [IP::client_addr] equals TLSV1.0_1.1_Enable ]} {
        SSL::profile example_profile_enable_weak_TLS
    } else {
        SSL::profile example_profile_disable_weak_TLS
    }
}
  • vvskaladhar_488's avatar
    vvskaladhar_488
    Icon for Nimbostratus rankNimbostratus
    Jun 28, 2018

    thank you so much

     

    this worked.