Forum Discussion

MaxMedov's avatar
MaxMedov
Icon for Cirrostratus rankCirrostratus
Jan 09, 2023
Solved

iRule to accept client then SSL cert validation

Hi everyone 🙂 Please advise the best way to combine an iRule with doing this: 1. Accept only client coming from 1 specific IP then: 2. For the rest (who are not this specific IP), I want to chec...
  • Hooni_L's avatar
    Jan 13, 2023

    MaxMedov
    I think you can use tcp::collect.

     

    refer tcp collect start irule 

    when CLIENT_ACCEPTED {
        # DEBUG On/Off : 1/0
        set DEBUG 0
    
        # disable client/serverside ssl profile by default
        SSL::disable clientside
        #SSL::disable serverside
    
    
        if { $DEBUG || [class match -name -- [IP::client_addr] equals debug_ip ] ne "" } { #log local0. "flow is - [IP::remote_addr] -> [IP::local_addr]" }
    
        # run TCP collect to check SNI for bypass before intercept SSL traffic
        # log local0. "run client collect command"
        TCP::collect
        set monitor_id [ after 500 {
            TCP::release
        } ]
    }

    and you can check the sni, cn, etc... in "when CLIENT_DATA "