Forum Discussion

vvskaladhar_488's avatar
vvskaladhar_488
Icon for Nimbostratus rankNimbostratus
8 years ago
Solved

Irule for restricting selected ips for NOT USING TLSV1 and 1.1

Hello All, I have requirement of use an iRules in F5 to enable TLS V1.0 and 1.1 only for Selected IP addresses or IP ranges. and enable only TLS 1.2 for all remaining . I have tried the irule below...
application delivery
irules
security
  • kcrawford4597_1's avatar
    kcrawford4597_1
    7 years ago

    matchclass ...

    Note: matchclass has been deprecated in v10 in favor of the new commands. The class command offers better functionality and performance than matchclass.

    Inserting the appropriate class command into this iRule would look something like this:

    when CLIENT_ACCEPTED {
    if { [class match [IP::client_addr] equals TLSV1.0_1.1_Enable ]} {
        SSL::profile example_profile_enable_weak_TLS
    } else {
        SSL::profile example_profile_disable_weak_TLS
    }
}
kcrawford4597_1's avatar
kcrawford4597_1
Historic F5 Account
7 years ago

matchclass ...

Note: matchclass has been deprecated in v10 in favor of the new commands. The class command offers better functionality and performance than matchclass.

Inserting the appropriate class command into this iRule would look something like this:

when CLIENT_ACCEPTED {
    if { [class match [IP::client_addr] equals TLSV1.0_1.1_Enable ]} {
        SSL::profile example_profile_enable_weak_TLS
    } else {
        SSL::profile example_profile_disable_weak_TLS
    }
}
vvskaladhar_488's avatar
vvskaladhar_488
Icon for Nimbostratus rankNimbostratus
7 years ago

thank you so much

 

this worked.