Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions

iRule to transmit plaintext data on a full proxy VIP?

Rongill
Nimbostratus
Nimbostratus

‎30-Apr-2021 06:35

My organization has webservers that our BigIPs act as a full SSL proxy for. They want to send decrypted traffic to an IDS and want men to do it without changing the current network design. I was going to use a clone pool but learned that it only clones the traffic after SSL encryption has taken place on either the client or server side. Is there an iRule I can use to capture this traffic during the decryption and clone it to another pool? I found this iRule string,

 

"when SERVERSSL_HANDSHAKE {

# Trigger collection of the decrypted payload once the SSL handshake has been completed successfully

SSL::collect"

 

and was wondering if this would collect the decrypted traffic? And if it did what iRule could I use to copy the payload and forward it to a different pool?

0 Kudos
1 REPLY 1

AlexBCT
MVP
MVP

‎02-May-2021 07:28

Hi Rongill,

I assume the protocol inside SSL is HTTP?

You should be able to do it with SIDEBAND or HSL​ commands in iRules. Colin has written a great article about it a while ago: https://devcentral.f5.com/s/articles/http-request-cloning-via-irules-part-1 

Hope that one helps.

0 Kudos
Copyright © 2023 Khoros, LLC