LTM Policy don't trigger on ALPN in SSL_Client_Hello

Question

HiHave someone successfully managed to get a LTM Policy to trigger on ALPN in "SSL Client Hello"?I have created a policy like below, and attached it to a Virtual-Server.But when I send/connect to VS, policy won't trigger and nothing is written to my log.I have also tried with different Index values, but that makes no difference.I have verified that the ALPN is present in TLS request, both with Wireshark but also with an iRule attached to same VS.iRule:WireShark:RegardsChristian&nbsp;&nbsp;

niels_van_sluis · Answer

I've been playing with this, but also couldn't get it to work. It's unclear what index the SSL Extension alpn in the policy would be a valid one.

cenroth · Answer

Hi NielsI really appreciate your help. For a while i thought i had done something wrong. But if you have tested it, andalso can't get it to work then I’m quite sure that it is a "bugg" in the way Big IP handles ALPN in TLS packages.I will open a case towards F5, and see what kind of solution they will come up with.RegardsChristian

Forum Discussion

LTM Policy don't trigger on ALPN in SSL_Client_Hello

Recent Discussions

Can you set Kerberos AAA server via session variable?

HTML Code injection Not detected by ASM

What will be happen to live and existing connections when failover HA BIG IP active-standby

SSL Offload and remove FQDN

High CPU utilization (100%).

Related Content

Leveraging Ansible Rulebooks for Streamlined Event Triggers: Advantages and Benefits

Access policy, LTM policy and iRules

Manage F5 BIG-IP Advanced WAF Policies with Terraform (Part 2 - Policy Import)

Manage F5 BIG-IP Advanced WAF Policies with Terraform (Part 4 - Policy Lifecycle management)

Evaluate WAF Policy with BIG-IQ Policy Analyzer

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS