Forum Discussion
bongshanks
Nimbostratus
Dec 26, 2017
Scan command and variables in a SSL transaction
Hey folks,
I'm trying to finish an iRule and I'd appreciate some critiquing or advice. I'm trying to capture some client IP/SSL cipher information as well as a 23 character string of text that will...
bongshanks
Nimbostratus
Jan 10, 2018
when CLIENT_ACCEPTED {
set hsl [HSL::open -proto UDP -pool hsl_syslog_pool]
}
when CLIENTSSL_HANDSHAKE {
SSL::collect
}
}
when CLIENTSSL_DATA {
if { [regexp {(\d{8})(\d{15})} [SSL::payload] -> tid mid] } {
HSL::send $hsl "Client: [IP::client_addr] is using [SSL::cipher version]. SSL Cipher:[SSL::cipher name]. Virtual:[virtual]. SSL Profile:[PROFILE::clientssl name]. tid=$tid mid=$mid."
}
SSL::release
}
} else {
# If we did not have a TID OR MID in the transaction then just log the info that we have
HSL::send $hsl "SSL_CUSTOM: No TID or MID TYPE found for Client: [IP::client_addr] is using [SSL::cipher version]. SSL Cipher:[SSL::cipher name]. Virtual:[virtual]. SSL Profile:[PROFILE::clientssl name]."
}
}
nitass
Employee
Jan 13, 2018
You mean this one, don't you? If yes, it looks okay to me.
when CLIENT_ACCEPTED {
    # Open the high-speed logging handle once per connection
    set hsl [HSL::open -proto UDP -pool hsl_syslog_pool]
}
when CLIENTSSL_HANDSHAKE {
    # Start collecting decrypted payload after the handshake completes
    SSL::collect
}
when CLIENTSSL_DATA {
    if { [regexp {(\d{8})(\d{15})} [SSL::payload] -> tid mid] } {
        HSL::send $hsl "Client: [IP::client_addr] is using [SSL::cipher version]. SSL Cipher:[SSL::cipher name]. Virtual:[virtual]. SSL Profile:[PROFILE::clientssl name]. tid=$tid mid=$mid."
    } else {
        # If we did not have a TID OR MID in the transaction then just log the info that we have
        HSL::send $hsl "SSL_CUSTOM: No TID or MID TYPE found for Client: [IP::client_addr] is using [SSL::cipher version]. SSL Cipher:[SSL::cipher name]. Virtual:[virtual]. SSL Profile:[PROFILE::clientssl name]."
    }
    # Release the collected payload in both branches so traffic continues
    SSL::release
}
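The following is an added example, not code from either poster: a plain tclsh harness for checking what the iRule's `(\d{8})(\d{15})` pattern actually captures before the values reach the HSL log. The proc names `extract_ids` and `extract_ids_strict`, the stricter pattern, and every sample payload are assumptions made for illustration; the real payload format is not shown in the thread.

```tcl
# Added example: runs under plain tclsh, outside BIG-IP.
# All payloads below are constructed.

# Same pattern as the iRule: the first 23 consecutive digits, split 8 + 15.
proc extract_ids {payload} {
    if {[regexp {(\d{8})(\d{15})} $payload -> tid mid]} {
        return [list $tid $mid]
    }
    return {}
}

# Assumed tightening (not from the thread): the 23 digits must not be
# part of a longer digit run on either side.
proc extract_ids_strict {payload} {
    if {[regexp {(?:^|\D)(\d{8})(\d{15})(?!\d)} $payload -> tid mid]} {
        return [list $tid $mid]
    }
    return {}
}

# label / payload pairs (constructed)
set samples [list \
    "exact 23 digits"  "id=20180110123456789012345&x=1" \
    "no digits at all" "GET /health HTTP/1.1" \
    "30-digit run"     "ref=999920180110123456789012345999" \
    "22 digits only"   "id=2018011012345678901234" \
]

foreach {label payload} $samples {
    puts [format "%-17s loose=%-28s strict=%s" \
        $label [list [extract_ids $payload]] [list [extract_ids_strict $payload]]]
}
```

The 30-digit sample is the case to watch: the unanchored pattern still reports a tid and mid, taken from the first 23 digits of the run, so a longer numeric field can be logged as if it were a valid pair.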