iRule to transmit plaintext data on a full proxy VIP?

Question

My organization has webservers that our BigIPs act as a full SSL proxy for. They want to send decrypted traffic to an IDS and want men to do it without changing the current network design. I was going to use a clone pool but learned that it only clones the traffic after SSL encryption has taken place on either the client or server side. Is there an iRule I can use to capture this traffic during the decryption and clone it to another pool? I found this iRule string,

"when SERVERSSL_HANDSHAKE {

# Trigger collection of the decrypted payload once the SSL handshake has been completed successfully

SSL::collect"

and was wondering if this would collect the decrypted traffic? And if it did what iRule could I use to copy the payload and forward it to a different pool?

alexbct · Answer

Hi Rongill, ​I assume the protocol inside SSL is HTTP? You should be able to do it with SIDEBAND&nbsp;or HSL​ commands in iRules. Colin has written a great article about it a while&nbsp;ago:  https://devcentral.f5.com/s/articles/http-request-cloning-via-irules-part-1&nbsp;Hope that one helps. 
​

Forum Discussion

iRule to transmit plaintext data on a full proxy VIP?

Recent Discussions

did not show checkbox on chrome while access through f5

ASM Export JSON - size Limit ?

Can i apply ddos profile on virtual server using port range

F5 mgmt access

Will Big-IP ver 17.5.X supported on VMware ESXi ?

Related Content

BIGIP OAUTH : Transmit "Application id" to backend server after a successful atuthentication

iRules Style Guide

Json parsing with iRules

Hey ChatGPT, can you write iRules?

Re: iRules Editor with Visual Studio Code

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS