Forum Discussion
MaxMedov
Cirrostratus
CirrostratusiRule to accept client then SSL cert validation
Hi everyone 🙂 Please advise the best way to combine an iRule with doing this: 1. Accept only client coming from 1 specific IP then: 2. For the rest (who are not this specific IP), I want to chec...
MaxMedov,
I think you can use tcp::collect.refer tcp collect start irule
when CLIENT_ACCEPTED { # DEBUG On/Off : 1/0 set DEBUG 0 # disable client/serverside ssl profile by default SSL::disable clientside #SSL::disable serverside if { $DEBUG || [class match -name -- [IP::client_addr] equals debug_ip ] ne "" } { #log local0. "flow is - [IP::remote_addr] -> [IP::local_addr]" } # run TCP collect to check SNI for bypass before intercept SSL traffic # log local0. "run client collect command" TCP::collect set monitor_id [ after 500 { TCP::release } ] }and you can check the sni, cn, etc... in "when CLIENT_DATA "
Hooni_L
Cirrus
CirrusMaxMedov,
I think you can use tcp::collect.
refer tcp collect start irule
when CLIENT_ACCEPTED {
# DEBUG On/Off : 1/0
set DEBUG 0
# disable client/serverside ssl profile by default
SSL::disable clientside
#SSL::disable serverside
if { $DEBUG || [class match -name -- [IP::client_addr] equals debug_ip ] ne "" } { #log local0. "flow is - [IP::remote_addr] -> [IP::local_addr]" }
# run TCP collect to check SNI for bypass before intercept SSL traffic
# log local0. "run client collect command"
TCP::collect
set monitor_id [ after 500 {
TCP::release
} ]
}and you can check the sni, cn, etc... in "when CLIENT_DATA "
