For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Moe_Jartin's avatar
Moe_Jartin
Icon for Cirrus rankCirrus
Aug 24, 2010

What event to use to forward to virtual?

I have a LDAPS VIP that I am offloading SSL on. I need to then forward that decrypted traffic to another virtual so that I can run a TCP::collect on the unencrypted traffic. Every example I can find...
application delivery
dev
devops
iRules
Moe_Jartin's avatar
Moe_Jartin
Icon for Cirrus rankCirrus
Aug 24, 2010
so I am not quite there after all. I am using this irule fromt he irule wiki page for SSL::collect:

 

 

when CLIENTSSL_HANDSHAKE {

 

log local0. "[IP::client_addr]:[TCP::client_port]: SSL handshake completed, collecting SSL payload"

 

SSL::collect

 

}

 

when CLIENTSSL_DATA {

 

log local0. "[IP::client_addr]:[TCP::client_port]: Collected [SSL::payload length] bytes, releasing payload"

 

log local0. "\[SSL::payload\]: [SSL::payload]"

 

SSL::release

 

}

 

 

However I am only seeing the initial LDAP bind and nothing more. I really need to see the query. I think this is because I am only "collecting" the first packet(s) after the SSL handshake and not the client-to-server packet that contains the query. so again, what event to use to "collect" all client SSL::payloads so that I can see the LDAP query?

 

 

Joe