Forum Discussion
Chetan_Puri_368
Nimbostratus
Mar 01, 2019
SSL information wants to see on server
Hi team,
Can someone help me with an iRule? The client wants to see the user's SSL details on the server when a user makes an HTTPS connection to the website (User --> F5 --> Server).
Michael_Saleem1
Cirrus
Mar 01, 2019
You could make use of High Speed Logging (HSL) to send SSL connection information to a syslog server.
1) Create a pool containing the syslog server
    tmsh create ltm pool HSL-POOL-514 members add { :514 }
2) Create an iRule which uses HSL to send SSL connection information to a syslog server
    when CLIENT_ACCEPTED {
        # Open an HSL handle (UDP) to the syslog pool for this connection
        set hsl [HSL::open -proto UDP -pool HSL-POOL-514]
    }
    when HTTP_REQUEST {
        # Save request details; they are logged later in HTTP_RESPONSE
        set HOST [HTTP::host]
        set METHOD [HTTP::method]
        set URI [HTTP::uri]
        set HTTP_VERSION [HTTP::version]
    }
    when CLIENTSSL_HANDSHAKE {
        # Protocol version and cipher negotiated with the client
        set SSL_VERSION [SSL::cipher version]
        set SSL_CIPHER [SSL::cipher name]
    }
    when HTTP_RESPONSE {
        # <190> is the syslog priority: facility local7 (23 * 8) + severity info (6)
        HSL::send $hsl "<190> SSL Version: $SSL_VERSION, SSL Cipher: $SSL_CIPHER, Source: [IP::client_addr]:[TCP::client_port], Destination: [clientside {IP::local_addr}]:[clientside {TCP::local_port}], Pool Member: [IP::server_addr]:[TCP::server_port], Host: $HOST, $METHOD $URI HTTP/$HTTP_VERSION, Status: [HTTP::status]"
    }
An example of a log line you will see:
    11-13-2017 21:47:38 Local7.Info 192.168.1.252 SSL Version: TLSv1.2, SSL Cipher: DHE-RSA-AES256-GCM-SHA384, Source: 192.168.1.124:45886, Destination: 192.168.1.100:443, Pool Member: 172.24.32.11:80, Host: www.example.com, GET /index.html HTTP/1.1, Status: 200
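On the syslog side, the lines produced by the iRule above can be parsed and checked against a TLS baseline. The following Python is an added example, not part of the original post: the function names, the policy sets and the second sample line are assumptions made for illustration, and it assumes TLS 1.3 is reported as `TLSv1.3`.

```python
import re

# Layout of the message built by HSL::send in the iRule above. The TLS fields
# come first and the URI is matched greedily up to the last " HTTP/", so commas
# in the client-supplied URI do not shift the other fields.
LINE_RE = re.compile(
    r"SSL Version: (?P<version>[^,]+), SSL Cipher: (?P<cipher>[^,]+), "
    r"Source: (?P<src>[^,]+), Destination: (?P<dst>[^,]+), "
    r"Pool Member: (?P<member>[^,]+), Host: (?P<host>[^,]*), "
    r"(?P<method>\S+) (?P<uri>.*) HTTP/(?P<http>[\d.]+), Status: (?P<status>\d{3})\s*$"
)

# Assumed local policy (not from the thread): adjust to your own baseline.
LEGACY_VERSIONS = {"SSLv3", "TLSv1", "TLSv1.1"}
WEAK_TOKENS = {"RC4", "DES", "3DES", "NULL", "EXP", "MD5"}

def parse_line(line):
    """Return the fields of one HSL log line as a dict, or None if it does not match."""
    m = LINE_RE.search(line)
    return m.groupdict() if m else None

def findings(rec):
    """List policy violations for one parsed record."""
    out = []
    tokens = rec["cipher"].upper().split("-")
    if rec["version"] in LEGACY_VERSIONS:
        out.append("legacy protocol " + rec["version"])
    if any(t in WEAK_TOKENS for t in tokens):
        out.append("weak cipher " + rec["cipher"])
    if rec["version"] != "TLSv1.3" and not {"DHE", "ECDHE"} & set(tokens):
        out.append("no forward secrecy")
    return out

def scan(lines):
    """Return (source, findings) for every parsable line that violates the policy."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec and findings(rec):
            hits.append((rec["src"], findings(rec)))
    return hits

# First line is the example from the post; the second is constructed for this demo.
SAMPLE = [
    "11-13-2017 21:47:38 Local7.Info 192.168.1.252 SSL Version: TLSv1.2, SSL Cipher: DHE-RSA-AES256-GCM-SHA384, Source: 192.168.1.124:45886, Destination: 192.168.1.100:443, Pool Member: 172.24.32.11:80, Host: www.example.com, GET /index.html HTTP/1.1, Status: 200",
    "03-01-2019 10:15:02 Local7.Info 192.0.2.10 SSL Version: TLSv1, SSL Cipher: DES-CBC3-SHA, Source: 198.51.100.7:51514, Destination: 192.0.2.20:443, Pool Member: 10.0.0.11:80, Host: www.example.com, GET /report?ids=1,2,3 HTTP/1.1, Status: 200",
]

if __name__ == "__main__":
    for src, issues in scan(SAMPLE):
        print(src, "->", "; ".join(issues))
```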