Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Forum Discussion

Stephen_Winter's avatar
Stephen_Winter
Icon for Cirrus rankCirrus
Dec 30, 2008

Pool choice basec on TCP packet contents?

Hi All,     We're looking for a way to differnetiate "clients" coming to our HTTPS VIP based on the SSL Hello they send when setting up the connection. We want to send people who do not s...
application delivery
dev
devops
irules
Stephen_Winter's avatar
Stephen_Winter
Icon for Cirrus rankCirrus
Dec 30, 2008
Colin,

 

 

We are not looking to do the SSL Offloading at the moment.

 

 

In looking at some other examples in the forums, we're looking to see if the cleint we're having problems with (Quicken for MAC) has something unique in the SSL Cipher strings that we can key off of with the TCP:collect and TCP:payload commands...

 

 

Once we (hopefully) find something, I'll just add a "pool" statement to the proper spot in the If/Else, with teh non-match using the default pool.

 

 

 

 

when CLIENT_ACCEPTED {

 

TCP::collect 1

 

}

 

 

when CLIENT_DATA {

 

binary scan [TCP::payload] H* clientdata

 

log local0. "Data: $clientdata"

 

if { $clientdata contains "160301" } {

 

log local0. "Match Found from [IP::client_addr]:[TCP::client_port]"

 

} else {

 

log local0. "Match Not Found from [IP::client_addr]:[TCP::client_port]"

 

}

 

}