Balanced

Best way to have a good idea, is to have lots of ideas

Tag: TCL

Gather SSL cipher statistics from your F5 device

With the new PCI DSS requirements around the corner, it might be interesting to gather some SSL cipher statistics from your F5s. If you have a syslog server, this is a piece of cake using the HSL function in iRules.

To use the iRule below, first create a pool called syslog-514_pool, or simply replace the name with a pool containing your syslog server(s). Then, for each virtual server, attach the following iRule:

 

Essentially, it sends a syslog message for every new SSL session established. This data could easily be indexed by Splunk or Elasticsearch to generate a report.

PS. If you have a firewall between your load balancer and your syslog server, you might want to verify that it’s open first.
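An iRule of the kind described above, added here as an example; it is not the author's original iRule. The pool name syslog-514_pool comes from the post, while the message layout, the `ssl_cipher_stats` tag and the local7.info syslog priority (`<190>`) are assumptions.

```tcl
# Added example, not the original iRule from this post.
# Assumptions: message layout, the ssl_cipher_stats tag, priority <190> (local7.info).
when CLIENT_ACCEPTED {
    # Open a high-speed logging (HSL) handle to the syslog pool over UDP.
    set hsl [HSL::open -proto UDP -pool syslog-514_pool]
}

when CLIENTSSL_HANDSHAKE {
    # Runs once the client-side SSL handshake has completed, so the
    # negotiated protocol version and cipher are known at this point.
    # key=value pairs keep the line easy to index in Splunk or Elasticsearch.
    HSL::send $hsl "<190> ssl_cipher_stats vs=[virtual name] client=[IP::client_addr] version=[SSL::cipher version] cipher=[SSL::cipher name] bits=[SSL::cipher bits]\n"
}
```

The virtual server needs a client SSL profile attached, otherwise CLIENTSSL_HANDSHAKE never fires and nothing is logged.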

Helping headers

Since we rely so heavily on the load balancers to handle part of the application logic, the line between application servers and network equipment is blurred. URIs and headers may change, and pools might be chosen depending on many different factors.

To add some transparency here, I would recommend using the load balancer to give the users of your company additional information if they need it.
