irule required.

Question

HI Can some one please provide an irule for allow only TLS1.2  for some customers  and  allow TLSv1.0  , TLSv1.1 for other users on same vip? How ever i am aware of IPs who i need to allow TLSV1.0 and 1.1  and rest of all  only TLS1.2 only ? is it possible if i can create Data group with IPs of  the ursers to allow TLSv1.1 and TLSv1.0 ? &nbsp;
your help is greatly appreciated.&nbsp;

acedawg_204810 · Accepted Answer

I think you had another post that refers to the same project: &nbsp;
https://devcentral.f5.com/questions/irule-for-restricting-selected-ips-for-not-using-tlsv1-and-11-60288&nbsp;

jrahm · Answer

The base iRule you are looking for is in the SSL::profile wiki page examples.&nbsp;

vvskaladhar_488 · Answer

HI Jason,&nbsp;
I have tried above but it did not helped. more over i am not users client and server SSL profiles. its all client profile which was tagged to the VIP.&nbsp;
when CLIENT_ACCEPTED {
  if { [IP::addr [IP::client_addr] eq $TLSV1.0_1.1_Disable ]} {
    SSL::profile kaladhar.adc.com_TLS
  } else {
    SSL::profile kaladhar.adc.com_client-ssl
  }
}&nbsp;
I created Data group with Name :TLSV1.0_1.1_Disable ( added one of the testip from interent) created 2 profiles 1 with TLSv1.0 and 1.1 disable and on has no disabled of TLS  enabled TLSv1.0 . After tagging this irule i see the url stooped  working and unable to run qualys scan.and getting below error for all the users.&nbsp;
Assessment failed: No secure protocols supported .&nbsp;

vvskaladhar_488 · Answer

HI Jason,&nbsp;
I have tried above but it did not helped. more over i am not users client and server SSL profiles. its all client profile which was tagged to the VIP.&nbsp;
when CLIENT_ACCEPTED {
  if { [IP::addr [IP::client_addr] eq $TLSV1.0_1.1_Disable ]} {
    SSL::profile kaladhar.adc.com_TLS
  } else {
    SSL::profile kaladhar.adc.com_client-ssl
  }
}&nbsp;
I created Data group with Name :TLSV1.0_1.1_Disable ( added one of the testip from interent) created 2 profiles 1 with TLSv1.0 and 1.1 disable and on has no disabled of TLS  enabled TLSv1.0 . After tagging this irule i see the url stooped  working and unable to run qualys scan.and getting below error for all the users.&nbsp;
Assessment failed: No secure protocols supported .&nbsp;

Forum Discussion

irule required.

5 Replies

Recent Discussions

Pricing when used with aws waf

F5 Rseries R2600 Tenant sizing

iRule help masking IBM host URL/URI

Need advise to setup a policy on F5

Advise on setting up IRULE

Related Content

iRULE - Redirect irule - Help required

Reminder: MFA now required to log in to DevCentral

DevCentral to Require Multi-Factor Authentication for Account Login from September 26

F5 BIG-IP Sizing Requirement

API Security requirement?