Log HTTPS Messages Using iRule

by admin | 3-Aug-2020 | ADC, F5, LTM

Applied version

BIG-IP LTM
Focus on version 15.X, 14.X
Less focus on earlier version

*Take note of every syntax with (‘) single-quote or (“) double-quote characters, copy-paste might not work.

Log HTTPS Messages Using iRule

(1) Creating iRule for logging https messages

Instead of decrypting the HTTPS traffic using private key or PMS key log, you can use iRule to log (in clear text) the HTTPS traffic passing through a Standard virtual server (VIP) with SSL Client profile.

This is achievable because F5 acts as full-proxy which terminate the SSL connection.

Log HTTPS request send to server (after http profile)
- Notice the X-Forwarded-For is included in the HTTP request log
Log HTTPS response send to the client
*Alternative to SSL decryption

iRule “irule_log_https_payload”

iRule, line 1-25 (Figure 1)
iRule, line 26-58 (Figure 2)

Filter: Client address 192.168.201.1
- Download Link

(2) Examining the captured logs

HTTP Request (Figure 1)
HTTP Response (Figure 2)

Log HTTPS Messages Using iRule

Log HTTPS Messages Using iRule

(1) Creating iRule for logging https messages

(2) Examining the captured logs

Recent Posts

Recent Comments

0 Comments

Submit a Comment Cancel reply