Forum Discussion
iRule to log client rejects
Is there a way to log all client rejects using an iRule? - The ones that don't make it to the HTTP_REQUEST event. I was involved in an iRule (below) logging all rejects based on a lower SSL version number. That being done, now I want to find all client rejects.
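when CLIENT_ACCEPTED {
    # Hold the first 3 bytes: record type (1 byte) + protocol version (2 bytes)
    set Collect_Len 3
    TCP::collect $Collect_Len
}
when CLIENT_DATA {
    set Buf_Len [TCP::offset]
    # Fewer than 3 bytes buffered so far: keep collecting
    if { $Buf_Len < 3 } {
        incr Collect_Len -$Buf_Len
        TCP::collect $Collect_Len
        return
    }
    # c = signed 8-bit record type, S = signed 16-bit big-endian version
    binary scan [TCP::payload] cS Rec_Type Version
    # 768 = 0x0300 = SSLv3
    if { $Version <= 768 } {
        HSL::send [HSL::open -proto UDP -pool syslog_server_pool_1] "Rejecting SSLv3 or lower connection attempts from [IP::client_addr] to [IP::local_addr]"
        # Drop the connection, as the log message states; without this the collected data is never released
        reject
    } else {
        TCP::release
    }
}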
1 Reply
- rob_carr
Cirrocumulus
You can log messages via iRule from within any event, so there shouldn't be a problem logging rejects based on the client ssl handshake.
In fact, it looks like your code should be doing exactly that. Are you not seeing log messages being sent?
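To see which first bytes the version test in the iRule above will log, here is an added example (Python, not part of the original thread and not F5 code) that mirrors its `binary scan ... cS` parse on constructed byte strings. The function names and sample payloads are assumptions made for illustration.

```python
import struct

SSL3_VERSION = 0x0300                 # 768, the threshold used in the iRule
TLS_CONTENT_TYPES = {20, 21, 22, 23}  # change_cipher_spec, alert, handshake, application_data

def scan_record_prefix(payload: bytes):
    """Mirror `binary scan [TCP::payload] cS Rec_Type Version`:
    signed 8-bit type, signed 16-bit big-endian version.
    Returns None while fewer than 3 bytes are buffered."""
    if len(payload) < 3:
        return None
    return struct.unpack(">bh", payload[:3])

def irule_decision(payload: bytes) -> str:
    """Branch the iRule's CLIENT_DATA event takes for this buffer."""
    fields = scan_record_prefix(payload)
    if fields is None:
        return "collect-more"
    _, version = fields
    return "log-reject" if version <= SSL3_VERSION else "release"

def describe(payload: bytes) -> str:
    """Context the iRule's log line does not carry: is this a TLS record at all?"""
    fields = scan_record_prefix(payload)
    if fields is None:
        return "short"
    rec_type, version = fields
    if rec_type not in TLS_CONTENT_TYPES:
        return "not-tls-record"
    version &= 0xFFFF                 # undo the sign for display
    return f"tls-record {version >> 8}.{version & 0xFF}"

# Constructed sample buffers (first bytes of a client's first segment).
SAMPLES = {
    "SSLv3 handshake record":   bytes.fromhex("1603000041"),
    "TLS record, version 3.1":  bytes.fromhex("160301002f"),
    "TLS record, version 3.3":  bytes.fromhex("160303002f"),
    "only two bytes buffered":  bytes.fromhex("1603"),
    "SSLv2-format ClientHello": bytes.fromhex("802e010002"),
    "plain HTTP on the port":   b"GET / HTTP/1.1\r\n",
}

if __name__ == "__main__":
    for name, buf in SAMPLES.items():
        print(f"{name:26} {irule_decision(buf):13} {describe(buf)}")
```

Only buffers that parse as a record with version 3.0 or lower reach the `HSL::send` branch; anything else, including data that is not a TLS record, is released to the next stage without a log line from this rule.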