Help
CodeShare
Have some code. Share some code.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions
Custom Alert Banner

F5 AppWorld 2024 session proposal deadline extended to Friday, December 8th!

Categorize SSL traffic by version, display as graph

David_Holmes_12
Historic F5 Account

on ‎01-Sep-2015 13:15

Problem this snippet solves:

You want to know how much SSLv3 traffic is hitting your site. Example image when going to https://x.x.x.x/sslversions:

0151T000003d9ECQAY.png

How to use this snippet:

Attach this iRule to your virtual server that is terminating SSL. It will collect statistics about which versions of SSL are being negotiated with clients. Use the 'istats dump' command to see the statistics. Or, connect to your virtual server and query for "/sslversions" to see a javascript graph.

Code :

when CLIENTSSL_HANDSHAKE {
        ISTATS::incr "ltm.virtual [virtual name] c [SSL::cipher version]" 1
    }
when HTTP_REQUEST {
        if { [string tolower [HTTP::uri]] equals "/sslversions" } {
            set v3 [ISTATS::get "ltm.virtual [virtual name] c SSLv3"]
            set t10 [ISTATS::get "ltm.virtual [virtual name] c TLSv1"]
            set t11 [ISTATS::get "ltm.virtual [virtual name] c TLSv1.1"]
            set t12 [ISTATS::get "ltm.virtual [virtual name] c TLSv1.2"]
            set hbody "\n \
  \n \
    \n \
    \n \
    \n \
  \n \
\n \
  \n \
    \n \
    
\n \
  \n \
\n \
"
            HTTP::respond 200 content $hbody
        }
    }
Comments
Brandon_30711
Historic F5 Account
‎16-Sep-2015 21:41
Love it David! Great example use of iStats. You may want to move the magic URI to an internal VIP to not advertise to people (read potential bad actors) what you traffic distribution looks like.
0 Kudos
Roflcopter
Nimbostratus
Nimbostratus
‎20-Sep-2015 23:23
Would be good to get a counter next to the percentages. Only thing I added to this was so that external IP's couldn't get to the /sslversions on virtual servers that we have externally facing. when HTTP_REQUEST { if { [string tolower [HTTP::path]] contains "/sslversions" } { if { !([matchclass [IP::client_addr] equals ssl_stats])} { discard } ssl_stats is a data group list
0 Kudos
prt1969_120570
Nimbostratus
Nimbostratus
‎09-Dec-2015 11:18
Based on Brandon's comment above, any feedback on what a modified script would look like to either send the /sslversions URI to another VIP or even via High Speed Logging to another destination?
0 Kudos
Version history
Last update:
‎01-Sep-2015 13:15
Updated by:
Contributors
Copyright © 2023 Khoros, LLC