Forum Discussion
AltostratusThe SSL::profile Command Is Valid In Which Events?
Hi, I'm getting very frustrated trying to write rules using this and other commands in the SSL namespace. The 'Valid Events' sections for most commands on the wiki are either empty of just plain wrong.
-Is there an alternative listing somewhere?
-Anyone know what the valid events are for this command? So far I've only got it to work in CLIENT_ACCEPTED.
Many thanks in advance.
4 Replies
Bhanu_9561Cirrus
This link has some events that are triggered when particular SSL events are triggered. Is this what you are looking for? https://clouddocs.f5.com/api/irules/SSL.html
What_Lies_Bene1Cirrostratus
Thanks Bhanu but I need a list of which events are supported for each command. Cheers- Kevin_Stewart
Employee
The rule of thumb is any event that makes sense in the protocol ordering and context. So let's say that SSL is at OSI layer 6 (or 5 depending on which reference you read). In the client side context, therefore, the SSL::profile command will work in any event after layer 4 and before layer 7, which is pretty much just CLIENT_ACCEPTED and CLIENT_DATA. Using it in HTTP_REQUEST is too late. The same goes for the server side context. The proxy will establish a TCP layer 4 session with the server, negotiate SSL, and then pass the layer 7 traffic, so you need to use SSL::profile in the server side context after layer 4 and before layer 7, which is safely the SERVER_CONNECTED event, but can be used elsewhere.
- What_Lies_Bene1
Thanks Kevin, makes sense although I can't get it to 'take' using CLIENT_DATA but no worries; I'm changing my design. Cheers
