Forum Discussion
Aaron, if you are talking about SSL interception then, as per my understanding, Bluecoat can do this job very well, and I have no idea about the F5 ADC, although I would say ProxySG can transparently proxy the HTTPS traffic and send its own cert and key to all clients.
For all clients, ProxySG will be the destination server, and if the destination is allowed then the proxy will create a new connection to the OCS on behalf of the request sent to the in-line ProxySG. If the requested OCS is not allowed then ProxySG will deny the request. This is how ProxySG breaks the SSL tunnel.
I have no idea yet whether F5 LTM can do the same job as I elaborated above for Bluecoat ProxySG. If I am wrong then I request you to correct my understanding.
I also request both of you, and everyone else, to help me with the task I was given today: what solution is best for URL filtering?
I know that Bluecoat and its BCWF can do this job for me, but due to throughput constraints we are not interested in buying Bluecoat ProxySG appliances and load balancers to block very few websites out of the traffic to millions of websites.
Thanks
RGK
- Kevin_Stewart, Mar 04, 2014
Employee
Selectively choosing a Syslog server would be the easier option, I believe. The HSL::open command takes a pool as its destination, so you'd necessarily have to create a separate pool (of one) for each Syslog server, and then switch between them accordingly. As for sending the data to all of the Syslog servers, that's not something the HSL process will natively do. You could create a separate connection for each and rapid-fire log to all of them (sounds like a good idea for a proc), or perhaps send the data to a single Syslog instance that then replicates the data to the rest.
- TJ_Vreugdenhil, Mar 05, 2014
Cirrus
Thanks Kevin - I ended up using the following and believe it's working.
```tcl
# From: W3C Extended Log File Examples (IIS 6.0)
# http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/ffdd7079-47be-4277-921f-7a3a6e610dcb.mspx?mfr=true
# Fields: date time c-ip cs-username s-ip cs-method cs-uri-stem cs-uri-query
#         sc-status sc-bytes cs-bytes time-taken cs-version cs(User-Agent)
#         cs(Cookie) cs(Referrer)
#
# This iRule will open up two connections to two syslog pools. The desire is
# to put one syslog server in each pool, so you can send the same syslog data
# to two pools.

when CLIENT_ACCEPTED {
    # Open a new high speed logging connection to each syslog pool
    set hsl1 [HSL::open -proto UDP -pool syslog_server_pool]
    set hsl2 [HSL::open -proto UDP -pool syslog_server_pool2]
}

when HTTP_REQUEST priority 999 {
    # Save request variables that are not accessible in HTTP_RESPONSE,
    # like the URI, request method, etc.
    set req_start    [clock clicks -milliseconds]
    set cs_username  [HTTP::username]
    set cs_uri_stem  [HTTP::path]
    set cs_uri_query [HTTP::query]
    set cs_bytes     [HTTP::header Content-Length]
    set ua           [HTTP::header User-Agent]
    set cookies      [HTTP::header values Cookie]
    set referer      [HTTP::header Referer]
}

when HTTP_RESPONSE {
    # Build the syslog message once, with a syslog facility of 134 (local0.info).
    # See the HSL wiki page for details on the facilities:
    # https://devcentral.f5.com/wiki/iRules.HSL__send.ashx
    # Inside the quoted string every backslash-newline collapses to a single
    # space, so the fields end up separated by "tab space". An empty value
    # therefore shows up as "tab space tab"; string map replaces that with
    # "tab hyphen tab".
    set msg [string map [list "\t \t" "\t-\t"]\
        "<134>\t\
        [info hostname]\t\
        [IP::local_addr]\t\
        [clock format [clock seconds] -format "%d/%m/%Y %H:%M:%S %z"]\t\
        [IP::client_addr]\t\
        $cs_username\t\
        [clientside {IP::local_addr}]\t\
        $cs_uri_stem\t\
        $cs_uri_query\t\
        [HTTP::status]\t\
        [HTTP::header Content-Length]\t\
        [expr {[clock clicks -milliseconds] - $req_start}]\t\
        [HTTP::version]\t\
        \"$ua\"\t\
        $cookies\t\
        $referer\
        "]

    # Send the same message to both syslog pools
    HSL::send $hsl1 "$msg\n"
    HSL::send $hsl2 "$msg\n"
}
```
- TJ_Vreugdenhil, Nov 11, 2014
Cirrus
Hi Marvin - I think when I used this for a client, they had SolarWinds Orion set up, but I am not sure. But I don't see why any type of syslog would not work for W3C. I would assume it is something to do with your syslog display filters, or something like that. For testing, just set up basic syslog on the F5 itself under the System > Log > Remote Logging menu, and see if you can see 'regular' syslog messages on your Kiwi server.