SSL Heartbleed iRule update
Get the latest updates on how F5 mitigates Heartbleed
For those of you tuning in to learn more about the OpenSSL Heartbleed vulnerability, here ...
Updated Mar 18, 2022
Version 2.0

Jeff_Costlow_10 (Historic F5 Account), Apr 12, 2014
For a client heartbeat request, the plaintext SSL record header will have a length in bytes. This is very small for both a malicious client and a benign client.
In the case of the early attacks, the heartbeat request payload is in plaintext, so the iRule could see that it's malicious.
However, this iRule as written will stop a malicious HB request even after the SSL handshake is completed and the SSL record payload is encrypted.
If you want a little bit more fine-grained control and only stop heartbeat responses that have server data, click the link at the bottom of the story to see a server-side iRule that stops the server responses if they are too large.
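The header-based filtering discussed in the comment above, sketched in Python as an added example; it is not the iRule from the article or F5's code. The function names, the 64-byte response threshold and the policy of dropping every encrypted client heartbeat record are assumptions made for illustration; the heartbeat content type (24) and message layout follow RFC 6520.

```python
import struct

HEARTBEAT = 24          # TLS record content type for heartbeat (RFC 6520)
MAX_RESPONSE_LEN = 64   # assumed policy threshold, not a value from the post

def parse_records(stream):
    """Yield (content_type, length, body) for each complete TLS record."""
    offset = 0
    while offset + 5 <= len(stream):
        ctype, _version, length = struct.unpack_from("!BHH", stream, offset)
        body = stream[offset + 5:offset + 5 + length]
        if len(body) < length:
            break  # partial record, a real filter would wait for more bytes
        yield ctype, length, body
        offset += 5 + length

def claims_more_than_sent(body):
    """Plaintext only: payload_length field exceeds what the record carries."""
    if len(body) < 3:
        return True
    _hb_type, claimed = struct.unpack_from("!BH", body, 0)
    return 3 + claimed + 16 > len(body)  # type + length + payload + min padding

def verdicts(stream, from_server, encrypted):
    """Return one 'pass'/'drop' decision per record in the stream."""
    out = []
    for ctype, length, body in parse_records(stream):
        if ctype != HEARTBEAT:
            out.append("pass")
        elif from_server:
            out.append("drop" if length > MAX_RESPONSE_LEN else "pass")
        elif encrypted:
            out.append("drop")  # header is all we can read, so block outright
        else:
            out.append("drop" if claims_more_than_sent(body) else "pass")
    return out

def record(ctype, body, version=0x0302):
    """Build a constructed sample record for the demo below."""
    return struct.pack("!BHH", ctype, version, len(body)) + body

# Constructed samples, not captured traffic.
HANDSHAKE = record(22, b"\x00" * 40)
GOOD_REQ = record(HEARTBEAT, b"\x01\x00\x04ping" + b"\x00" * 16)
BAD_REQ = record(HEARTBEAT, b"\x01\x40\x00")  # claims 16384 bytes, sends none
BIG_RESP = record(HEARTBEAT, b"\x02" + b"\x00" * 4000)
SMALL_RESP = record(HEARTBEAT, b"\x02\x00\x04ping" + b"\x00" * 16)

if __name__ == "__main__":
    print(verdicts(HANDSHAKE + GOOD_REQ + BAD_REQ, False, False))
    print(verdicts(BIG_RESP + SMALL_RESP, True, True))
```

Once the payload is encrypted, only the record type and length in the 5-byte header remain readable, which is why the client-side branch falls back to dropping every heartbeat record and the server-side branch decides on length alone.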