Forum Discussion

Michael_Bera_92
Jan 17, 2006

iRule processing after Client SSL decryption

I am attempting to configure persistence based upon the content of the data stream.

When I use unencrypted source traffic, the iRule works as expected. The iRule was configured as follows:

    when CLIENT_ACCEPTED {
        TCP::collect 1
    }

    when CLIENT_DATA {
        log local0. "DATA= [TCP::payload length] -End"
        if {[TCP::payload] contains "&u="} {
            log local0. "RD- [TCP::payload] -End"
            persist uie [findstr [TCP::payload] "&con=" 5 "&"]
            pool stg.us1-rd.service.gehealthcare.com.443
        } elseif {[TCP::payload length] > 1000} {
            reject
        } else {
            log local0. "Collect more"
            TCP::collect 1
        }
        return
    }


When I switched the configuration to use Client side SSL, I modified the rule to:

    when CLIENTSSL_HANDSHAKE {
        log local0. "CLIENTSSL_HANDSHAKE"
        TCP::collect 1
    }

    when CLIENT_ACCEPTED {
        log local0. "Collect"
        # Per-connection pass counter. RULE_INIT runs once at rule load, so a
        # plain variable set there (and "set $var" / "incr $var", which
        # dereference the variable instead of naming it) is not usable here.
        set nCollect_Passes 1
        TCP::collect 1
    }

    when CLIENT_DATA {
        log local0. "CLNT DATA= [TCP::payload length] -End"
        if {[TCP::payload] contains "&u="} {
            log local0. "RD- [TCP::payload] -End"
            persist uie [findstr [TCP::payload] "&con=" 5 "&"]
            pool stg.us1-rd.service.gehealthcare.com.443
        } elseif {[TCP::payload length] > 1000} {
            reject
        } elseif {$nCollect_Passes > 10} {
            reject
        } else {
            log local0. "CLNT Collect more"
            incr nCollect_Passes
            TCP::collect 1
        }
        return
    }


This does not work because the data is encrypted. I get the log message:

Rule : PAYLOAD= ??W???? I????[??v)j??5??6b??u??????@o??~??KKZ????u\????????????????sq{????Mz????M????h??rz??????????????????????????}=*|??????L?????????z??hC?? \N??????????>p??(????R?? ????u&??????R`??????S ??dG ????E%??

Question:

Is there a way to process the data stream after it is decrypted?
  • Colin_Walker_12
    Historic F5 Account
    The way you would do this is to configure the BIG-IP to be the SSL termination point for the connection. Once this is the case, the iRule shouldn't have any trouble processing the data.

    -Colin
  • unRuleY_95363
    Historic F5 Account
    Uh, that's not quite true. We are investigating adding an SSL equivalent to CLIENT_DATA.

    In the meantime, you would have to create a loopback virtual and route the unencrypted traffic through the secondary virtual.
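Later BIG-IP releases did add the SSL-side equivalent of CLIENT_DATA that unRuleY mentions: the CLIENTSSL_DATA event, driven by SSL::collect, SSL::payload and SSL::release. The iRule below is an added example, not code from this thread or from F5; it rewrites the poster's matching and persistence logic over the decrypted payload and assumes a release that has that event, a client-ssl profile on the virtual server, and the poster's pool name and limits.

```tcl
# Added example: payload-based persistence on the decrypted client stream.
# Requires a BIG-IP release with the CLIENTSSL_DATA event (assumption).
when CLIENTSSL_HANDSHAKE {
    # Per-connection counter lives here, not in RULE_INIT, which runs once
    # at load time and whose plain variables are not visible in these events.
    set nCollect_Passes 1
    # Start buffering the decrypted application data.
    SSL::collect
}

when CLIENTSSL_DATA {
    log local0. "SSL DATA= [SSL::payload length] -End"

    if { [SSL::payload] contains "&u=" } {
        # Skip the 5 characters of "&con=" and read up to the next "&",
        # the same findstr call the poster used on TCP::payload.
        set conn_id [findstr [SSL::payload] "&con=" 5 "&"]
        if { $conn_id ne "" } {
            persist uie $conn_id
        }
        pool stg.us1-rd.service.gehealthcare.com.443
        # Hand the buffered bytes back to the SSL filter so they are forwarded.
        SSL::release
    } elseif { [SSL::payload length] > 1000 || $nCollect_Passes > 10 } {
        # Same bounds as the original rule: cap buffered bytes and collect rounds
        # so a client that never sends the marker cannot hold the buffer open.
        reject
    } else {
        log local0. "SSL Collect more"
        incr nCollect_Passes
        SSL::collect
    }
}
```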