Forum Discussion

Rongill
Nimbostratus
Apr 30, 2021

iRule to transmit plaintext data on a full proxy VIP?

My organization has webservers that our BIG-IPs act as a full SSL proxy for. They want to send decrypted traffic to an IDS and want me to do it without changing the current network design. I was going to use a clone pool but learned that it only clones the traffic after SSL encryption has taken place on either the client or server side. Is there an iRule I can use to capture this traffic during the decryption and clone it to another pool? I found this iRule string:

    when SERVERSSL_HANDSHAKE {
        # Trigger collection of the decrypted payload once the SSL handshake has been completed successfully
        SSL::collect
    }

and was wondering whether this would collect the decrypted traffic. And if it did, what iRule could I use to copy the payload and forward it to a different pool?

1 Reply

  • Hi Rongill,

    I assume the protocol inside SSL is HTTP?

    You should be able to do it with SIDEBAND or HSL commands in iRules. Colin wrote a great article about it a while ago: https://devcentral.f5.com/s/articles/http-request-cloning-via-irules-part-1 

    Hope that one helps.
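
Added example, not code from this thread or from Colin's article: an iRule that clones the decrypted HTTP requests and responses of a full-proxy virtual server to an IDS pool over HSL, which is the approach the reply points at. With an HTTP profile on the virtual server, the HTTP_REQUEST and HTTP_RESPONSE events already see plaintext between the clientssl and serverssl profiles, so no SSL::collect is needed. Assumptions made here: the virtual server carries clientssl, serverssl and HTTP profiles; a pool named ids_clone_pool (assumed name) holds the IDS sensor(s) listening on TCP and accepting a raw stream of HTTP text; the body cap is an assumed value.

```tcl
# Added example (not from the thread or the linked article). Assumed: a pool named
# ids_clone_pool with IDS sensors on TCP, an HTTP profile on the virtual server,
# and the 8192-byte body cap below.

when RULE_INIT {
    # HTTP::collect buffers body bytes in memory; keep the per-message cap modest.
    set static::clone_max_body 8192
}

when CLIENT_ACCEPTED {
    # One HSL handle per client connection. TCP sidesteps the UDP datagram size limit.
    set hsl [HSL::open -proto TCP -pool ids_clone_pool]
    # Connection tuple so the sensor can attribute each cloned message.
    set envelope "[IP::client_addr]:[TCP::client_port] -> [IP::local_addr]:[TCP::local_port]"
}

when HTTP_REQUEST {
    # HTTP::request returns the raw, already-decrypted request line and headers.
    set req_hdrs "[string trimright [HTTP::request]]\r\n\r\n"
    set len 0
    if { [HTTP::header exists "Content-Length"] } {
        set len [HTTP::header value "Content-Length"]
        if { ![string is integer -strict $len] } { set len 0 }
    }
    if { $len > 0 } {
        # Buffer up to the cap; HTTP_REQUEST_DATA fires once the bytes are in.
        HTTP::collect [expr { $len < $static::clone_max_body ? $len : $static::clone_max_body }]
        return
    }
    HSL::send $hsl "REQUEST $envelope\n$req_hdrs"
}

when HTTP_REQUEST_DATA {
    set req_body [HTTP::payload]
    # Let the request continue to the server pool (re-encrypted by serverssl).
    HTTP::release
    HSL::send $hsl "REQUEST $envelope\n$req_hdrs$req_body"
}

when HTTP_RESPONSE {
    # There is no raw-response accessor, so rebuild the status line and headers.
    set rsp_hdrs "HTTP/[HTTP::version] [HTTP::status]\r\n"
    foreach name [lsort -unique [HTTP::header names]] {
        foreach value [HTTP::header values $name] {
            append rsp_hdrs "$name: $value\r\n"
        }
    }
    append rsp_hdrs "\r\n"
    set len 0
    if { [HTTP::header exists "Content-Length"] } {
        set len [HTTP::header value "Content-Length"]
        if { ![string is integer -strict $len] } { set len 0 }
    }
    if { $len > 0 } {
        HTTP::collect [expr { $len < $static::clone_max_body ? $len : $static::clone_max_body }]
        return
    }
    # Chunked or bodiless responses: only the status line and headers are cloned.
    HSL::send $hsl "RESPONSE $envelope\n$rsp_hdrs"
}

when HTTP_RESPONSE_DATA {
    set rsp_body [HTTP::payload]
    # Release the buffered bytes so the response continues to the client.
    HTTP::release
    HSL::send $hsl "RESPONSE $envelope\n$rsp_hdrs$rsp_body"
}
```

Two caveats a practitioner will want. First, the HSL stream carries the decrypted payload in cleartext, so the IDS pool should sit on an isolated VLAN rather than a shared data network, since what left the clone pool encrypted now leaves this path unprotected. Second, HSL is built for log lines, not bulk transfer: bodies are truncated at the cap, and chunked responses are cloned headers-only, so for full-body cloning the SIDEBAND connect/send approach from the linked article is the better fit.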