iRule to Log TLS Version and HTTP Host and URI

Yugandhar
Nimbostratus

Hi,

I created the following iRule to log the TLS version information and the HTTP Host and URI details.

==========================================

when CLIENTSSL_HANDSHAKE {
    if { [SSL::cipher version] == 1.0 || [SSL::cipher version] == 1.1 || [SSL::cipher version] == 1.2 } {
        set FLAG 1
        set TLS-VER [SSL::cipher version]
    }
}

when HTTP_REQUEST {
    if { $FLAG } {
        set VIP [IP::local_addr]:[TCP::local_port]
        set CLIENT [IP::client_addr]:[TCP::client_port]
        set URL [HTTP::host][HTTP::uri]
        log local0. "Client ($CLIENT) connected to the VIP ($VIP) for $URL using $TLS-VER"
    }
}

=================================================

When the iRule is executed it throws the following error message in /var/log/ltm:

- can't read "FLAG": no such variable    while executing "if { $FLAG } {                                  set VIP [IP::local_addr]:[TCP::local_port]                        set CLIENT [IP::client_addr]:[TCP::client_port]                        set URL [HTTP::host]..."

=============================================================

The FLAG variable is created in the CLIENTSSL_HANDSHAKE event and passed over to the HTTP_REQUEST event, but I'm not sure why it says there is no variable called FLAG.

Could you please help me in executing this iRule correctly?

Thanks,

Yugandhar.


Hi Yugandhar,


[SSL::cipher version] : Returns the current SSL cipher version using the format of the OpenSSL SSL_CIPHER_get_version() function (e.g. “SSLv2”, “SSLv3”, “TLSv1”, “TLSv1.1”, “TLSv1.2”).

REF: https://clouddocs.f5.com/api/irules/SSL__cipher.html

when CLIENTSSL_HANDSHAKE {
    # SSL::cipher version returns a string such as "TLSv1.2", so compare as strings, not numbers
    if { [SSL::cipher version] equals "TLSv1" || [SSL::cipher version] equals "TLSv1.1" || [SSL::cipher version] equals "TLSv1.2" } {
        set FLAG 1
        # Tcl stops a $name reference at "-", so $TLS-VER would read a variable named TLS; use an underscore instead
        set TLS_VER [SSL::cipher version]
    } else {
        # Always define FLAG so HTTP_REQUEST never reads an unset variable
        set FLAG 0
    }
}

when HTTP_REQUEST {
    if { $FLAG } {
        set VIP [IP::local_addr]:[TCP::local_port]
        set CLIENT [IP::client_addr]:[TCP::client_port]
        set URL [HTTP::host][HTTP::uri]
        log local0. "Client ($CLIENT) connected to the VIP ($VIP) for $URL using $TLS_VER"
    }
}

You don't need the CLIENTSSL_HANDSHAKE event in the iRule:

when HTTP_REQUEST {
    # SSL::cipher is valid in HTTP_REQUEST when the virtual server has a client SSL profile
    set TLS_VER [SSL::cipher version]
    set VIP [IP::local_addr]:[TCP::local_port]
    set CLIENT [IP::client_addr]:[TCP::client_port]
    set URL [HTTP::host][HTTP::uri]
    log local0. "Client ($CLIENT) connected to the VIP ($VIP) for $URL using $TLS_VER"
}
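A fuller version of the same iRule, added here as an example rather than taken from either post. It keeps the string comparison and the CLIENTSSL_HANDSHAKE/HTTP_REQUEST split, and adds what a practitioner would want when using this to find clients on old TLS versions: a variable name without a hyphen (Tcl stops parsing `$TLS-VER` at the hyphen), an `info exists` guard so the rule does not fail on a connection that never completed a client-side handshake, one log line per TCP connection instead of one per request, and a distinct tag for SSLv3/TLS 1.0/TLS 1.1 clients so they can be inventoried before those versions are disabled on the profile. The event names and commands are standard iRule commands; the variable names (tls_ver, tls_cipher, logged) and the LEGACY_TLS / TLS log tags are assumptions of mine, and the rule assumes a virtual server with both a client SSL profile and an HTTP profile.

```tcl
# Added example, not the original poster's or the reply's iRule.
# Assumes the virtual server has a client SSL profile and an HTTP profile.
# Event names and commands are standard iRule ones; the variable names
# (tls_ver, tls_cipher, logged) and the LEGACY_TLS / TLS log tags are mine.

when CLIENT_ACCEPTED {
    # Per-connection state: log at most one line per TCP connection
    set logged 0
}

when CLIENTSSL_HANDSHAKE {
    # SSL::cipher version returns a string such as "TLSv1.2", so it has to be
    # compared as a string. Tcl stops parsing a $name reference at "-", which
    # is why the variable is tls_ver and not TLS-VER.
    set tls_ver    [SSL::cipher version]
    set tls_cipher [SSL::cipher name]
}

when HTTP_REQUEST {
    # Guard: on a connection that never completed a client-side handshake
    # tls_ver is unset, and reading it would abort the rule for that
    # connection with the same "no such variable" error as in the question.
    if { ![info exists tls_ver] } {
        return
    }
    if { $logged } {
        return
    }
    set logged 1

    set vip    "[IP::local_addr]:[TCP::local_port]"
    set client "[IP::client_addr]:[TCP::client_port]"
    set url    "[HTTP::host][HTTP::uri]"

    switch -- $tls_ver {
        SSLv3 -
        TLSv1 -
        TLSv1.1 {
            # Versions that should be retired: tag them so that
            #   grep LEGACY_TLS /var/log/ltm
            # lists the clients to fix before those versions are disabled
            log local0.warn "LEGACY_TLS client=$client vip=$vip url=$url version=$tls_ver cipher=$tls_cipher"
        }
        default {
            log local0.info "TLS client=$client vip=$vip url=$url version=$tls_ver cipher=$tls_cipher"
        }
    }
}
```

Logging once per connection matters on a busy virtual server, because `log local0.` goes through syslog into /var/log/ltm; if the volume is still too high, High-Speed Logging (HSL::open / HSL::send to a log pool) is the usual replacement for the `log` command.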