For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Moe_Jartin's avatar
Moe_Jartin
Icon for Cirrus rankCirrus
Aug 24, 2010

What event to use to forward to virtual?

I have a LDAPS VIP that I am offloading SSL on. I need to then forward that decrypted traffic to another virtual so that I can run a TCP::collect on the unencrypted traffic. Every example I can find...
application delivery
dev
devops
iRules
Moe_Jartin's avatar
Moe_Jartin
Icon for Cirrus rankCirrus
Aug 25, 2010
Spark,

 

 

Thanks for the info. Not looking to make an LB decision just log the query and source address. This is more of a troubleshooting issue. We have a LDAP client that is making a large query every 30 seconds, that query takes over 10 minutes to return. Needless to say, our LDAP servers quickly run out of memory and we end up with an LDAP outage. We are having a tough time identifying this client because the VIP was originally a L4 forwarding VIP with the SSL terminating on the servers AND, since the LTM is not inline, we are SNAT'ing the VIP.

 

 

So the SSL::collect command doesn't "hold" the connection like the TCP::collect command? Guess that explains the lack of the skip bytes option like TCP::collect has. i.e. TCP::collect 200 10

 

 

So if I understand, your irule will essentially continuously collect the SSL data until it sees the match string while still allowing that data to pass through the VIP onto the servers. Is that an accurate statement?

 

 

Thanks for your help.

 

 

Joe