iRule to transmit plaintext data on a full proxy VIP?

Question

My organization has webservers that our BigIPs act as a full SSL proxy for. They want to send decrypted traffic to an IDS and want men to do it without changing the current network design. I was going to use a clone pool but learned that it only clones the traffic after SSL encryption has taken place on either the client or server side. Is there an iRule I can use to capture this traffic during the decryption and clone it to another pool? I found this iRule string,

"when SERVERSSL_HANDSHAKE {

# Trigger collection of the decrypted payload once the SSL handshake has been completed successfully

SSL::collect"

and was wondering if this would collect the decrypted traffic? And if it did what iRule could I use to copy the payload and forward it to a different pool?

alexbct · Answer

Hi Rongill, ​I assume the protocol inside SSL is HTTP? You should be able to do it with SIDEBAND&nbsp;or HSL​ commands in iRules. Colin has written a great article about it a while&nbsp;ago:  https://devcentral.f5.com/s/articles/http-request-cloning-via-irules-part-1&nbsp;Hope that one helps. 
​

Forum Discussion

iRule to transmit plaintext data on a full proxy VIP?

1 Reply

F5 Academy at AppWorld 2026

Aswin MK - November 2025 Featured Member

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

CVE mitigation on F5 XC vs classic F5 WAF

F5 XC 503 upstream_reset_before_response_started{protocol_error}

UCS Encryption Question

BIG-IP VE: 40G Throughput from 4x10G physical NICs

JSON Web Key Set Endpoint

Related Content

BIGIP OAUTH : Transmit "Application id" to backend server after a successful atuthentication

iRules Style Guide

Re: F5 HTTPS Redirect iRule Update

Managing Model Context Protocol in iRules - Part 1

Hey DeepSeek, can you write iRules?

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS