Forum Discussion
irule help
Hello All,
Currently I am using the below iRule for logging client IPs that use TLSv1 and v1.1 on virtuals.
But our client wants to enable an audit in F5 that will include the IP address and full URL being used by the customers, because we have several sub-URLs, so that we can identify and isolate which Customer/IP/URLs are using TLS 1.0.
Can you please suggest the modification required in this iRule for the above requirement?
    when CLIENTSSL_CLIENTHELLO {
        set virtual_server [LB::server]
        set userip [IP::client_addr]
        set SSL_version [SSL::cipher name]
        set SSL_PROTOCOL [SSL::cipher version]
        if {$SSL_PROTOCOL == "TLSv1"} {
            log local0. "Warning: $userip - $SSL_version - $SSL_PROTOCOL - $virtual_server"
        }
    }
- Anesh
Cirrostratus
try
    when CLIENTSSL_CLIENTHELLO {
        set virtual_server [LB::server]
        set userip [IP::client_addr]
        set SSL_version [SSL::cipher name]
        set SSL_PROTOCOL [SSL::cipher version]
        if {$SSL_PROTOCOL == "TLSv1"} {
            set tlsver1 1
        }
    }
    when HTTP_REQUEST {
        if { $tlsver1 } then {
            log local0. "Warning: Host - [HTTP::host], URI - [HTTP::uri], $userip - $SSL_version - $SSL_PROTOCOL - $virtual_server "
        }
    }
- Anesh
Cirrostratus
The below code was tested on 12.1.3
    when CLIENTSSL_HANDSHAKE {
        set virtual_server [LB::server]
        set userip [IP::client_addr]
        set SSL_version [SSL::cipher name]
        set SSL_PROTOCOL [SSL::cipher version]
        if { $SSL_PROTOCOL == "TLSv1" } {
            set tlsver1 1
        } else {
            set tlsver1 0
        }
    }
    when HTTP_REQUEST {
        if { $tlsver1 } {
            log local0. "Warning: Host - [HTTP::host], URI - [HTTP::uri], $userip - $SSL_version - $SSL_PROTOCOL - $virtual_server"
        }
    }
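
For the audit side of the question, the lines this rule writes can be rolled up per client IP, host and URL path. The script below is an added example, not code from the thread: the function names, the syslog prefix before "Warning:" and every sample value are constructed assumptions, and only the message layout after "Warning:" is taken from the rule above.

```python
import re
from collections import Counter

# Message layout written by the HTTP_REQUEST rule in the thread. Host and URI are
# client-controlled, so the URI group is greedy: the fixed trailing fields are read
# from the right-hand end of the line, and a URI that imitates them does not
# displace the real values.
LINE_RE = re.compile(
    r"Warning: Host - (?P<host>.*?), URI - (?P<uri>.*), "
    r"(?P<ip>[0-9A-Fa-f:.%]+) - (?P<cipher>\S+) - (?P<proto>\S+) - (?P<vs>.*)$"
)

def parse_line(line):
    """Return the rule's fields as a dict, or None if the line is not from the rule."""
    m = LINE_RE.search(line.rstrip("\n"))
    return m.groupdict() if m else None

def summarize(lines):
    """Count requests per (client IP, host, URI path)."""
    counts = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        # Drop the query string: it can carry tokens and inflates the key space.
        path = rec["uri"].split("?", 1)[0] or "/"
        counts[(rec["ip"], rec["host"], path)] += 1
    return counts

# Constructed sample lines; the prefix before "Warning:" is an assumption.
PFX = "Jan 10 12:00:01 bigip1 info tmm[1234]: Rule /Common/tls_audit <HTTP_REQUEST>: "
SAMPLE = [
    PFX + "Warning: Host - shop.example.com, URI - /api/v1/orders?id=5, "
          "203.0.113.10 - AES256-SHA - TLSv1 - /Common/pool_web 10.0.0.5 80",
    PFX + "Warning: Host - shop.example.com, URI - /api/v1/orders?id=6, "
          "203.0.113.10 - AES256-SHA - TLSv1 - /Common/pool_web 10.0.0.5 80",
    PFX + "Warning: Host - portal.example.com, URI - /login, "
          "198.51.100.7 - AES128-SHA - TLSv1 - /Common/pool_web 10.0.0.6 443",
    # URI text shaped like the trailing fields; the real client IP must still win.
    PFX + "Warning: Host - portal.example.com, URI - /x, 192.0.2.1 - FAKE - TLSv1 - y, "
          "198.51.100.7 - AES128-SHA - TLSv1 - /Common/pool_web 10.0.0.6 443",
    "Jan 10 12:00:05 bigip1 notice mcpd[5678]: unrelated message",
]

if __name__ == "__main__":
    for (ip, host, path), n in summarize(SAMPLE).most_common():
        print(f"{n:5d}  {ip:<15}  {host}{path}")
```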