How to do the following in a permissible way?

Question

when CLIENTSSL_HANDSHAKE {  &nbsp;
   SSL::collect  &nbsp;
}  &nbsp;
when CLIENTSSL_DATA {  &nbsp;
  set chan [open my.log a]  &nbsp;
  puts $chan [SSL::payload]  &nbsp;
  close $chan  &nbsp;
  SSL::release  &nbsp;
}    &nbsp;
This irule gives me the following error:&nbsp;
error: [command is disabled: "open"][open my.log a]&nbsp;
I was led to believe this could/should be done via iControl. Any help would be appreciated.&nbsp;

kevin_stewart · Answer

Generally speaking, you can't perform file-level access routines directly from an iRule. All of the TCL I/O functions have been disabled for the sake of performance and security. You can however dump to syslog:
log local0. [SSL::payload]

Or you can do the same with High Speed Logging (HSL). You could also perform a sideband call to a remote server. HSL will be the fastest option and sideband will create the greatest latency. There are of course other, less "supported", ways of bridging between the data plane (iRules) and the management plane (file system), but these are probably your best options.

Forum Discussion

How to do the following in a permissible way?

1 Reply

Recent Discussions

CONNECTION IS LOST DUE TO SELF IP IS DELIVERED

ASM instance creation

Can iRule mask the payload content on event logs of security

Disacard SSL::cert mode to ignore when default SSLClient profile is set to request or require

F5Access | MacOS Sonoma

Related Content

Insufficient permissions BIG-IQ login error

Simple Sideband - iRule sideband the easy way

Is there a way to trace connections?

F5 BIG-IP Bot Defense - Previous Request and Follow Up Request

Different ways Financial Services Institutions can deploy NGINX in Azure