
iRule to transmit plaintext data on a full proxy VIP?

Rongill
Nimbostratus

My organization has webservers that our BigIPs act as a full SSL proxy for. They want to send decrypted traffic to an IDS and want me to do it without changing the current network design. I was going to use a clone pool but learned that it only clones the traffic after SSL encryption has taken place on either the client or server side. Is there an iRule I can use to capture this traffic during the decryption and clone it to another pool? I found this iRule string,

 

    when SERVERSSL_HANDSHAKE {
        # Trigger collection of the decrypted payload once the SSL handshake has been completed successfully
        SSL::collect
    }

 

and was wondering if this would collect the decrypted traffic? And if it did, what iRule could I use to copy the payload and forward it to a different pool?

1 REPLY

AlexBCT
MVP

Hi Rongill,

I assume the protocol inside SSL is HTTP?

You should be able to do it with SIDEBAND or HSL commands in iRules. Colin wrote a great article about it a while ago: https://devcentral.f5.com/s/articles/http-request-cloning-via-irules-part-1

Hope that one helps.
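
A sketch of the HSL approach mentioned in the reply, added here as an example; it is not code from the post or from the linked article. It copies each decrypted HTTP request (headers, plus the body when a Content-Length is present) to an IDS pool, and does not mirror responses. Assumptions: the pool name `ids_clone_pool` is hypothetical, the 1 MB body cap is a constructed value, and the IDS can parse requests arriving on a TCP stream sourced from the BIG-IP rather than from the original client.

```tcl
# Added example: mirror decrypted HTTP requests to an IDS over HSL.
# Assumption: ids_clone_pool is a hypothetical pool whose member is the IDS listener.
when CLIENT_ACCEPTED {
    # Open an HSL handle for this client connection.
    set hsl [HSL::open -proto TCP -pool ids_clone_pool]
    # Constructed cap on how much request body is buffered for the copy.
    set max_body 1048576
}

when HTTP_REQUEST {
    # This event fires after the client SSL profile has decrypted the request,
    # so HTTP::request is the plaintext request line and headers.
    set req_head [HTTP::request]
    set clen 0
    if { [HTTP::header exists "Content-Length"] } {
        set clen [HTTP::header value "Content-Length"]
    }
    if { [string is integer -strict $clen] && $clen > 0 } {
        # Buffer the body (up to the cap) so it can be sent with the headers.
        if { $clen > $max_body } { set clen $max_body }
        HTTP::collect $clen
    } else {
        # No body (or chunked, which this example does not buffer): headers only.
        HSL::send $hsl $req_head
    }
}

when HTTP_REQUEST_DATA {
    # Headers plus the collected plaintext body go to the IDS pool.
    HSL::send $hsl "$req_head[HTTP::payload]"
    # Let the original request continue to the real server pool.
    HTTP::release
}
```

Attach it to the virtual server that carries the client SSL and HTTP profiles; the production pool and network path stay unchanged.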