For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

MikeRobinson_64's avatar
MikeRobinson_64
Icon for Nimbostratus rankNimbostratus
Jul 14, 2009

CAC authentication and http headers

Hello everyone,     I am trying to get a CAC authentication irule working properly and have run into a glitch. The initial pass through the rule identifies the folder and requires a CAC fo...
application delivery
dev
devops
iRules
MikeRobinson_64's avatar
MikeRobinson_64
Icon for Nimbostratus rankNimbostratus
Jul 17, 2009
Thanks for asking Aaron. The version is 9.3.1 and the log output is shown below after adding in a few log statements to the irule:

 

 

Jul 16 22:17:06 tmm tmm[15463]: Rule irule_CAC_Required_OCSP : cert count=0 result=0

 

Jul 16 22:17:07 tmm tmm[15463]: Rule irule_CAC_Required_OCSP : cert count=0 result=0

 

Jul 16 22:17:08 tmm tmm[15463]: Rule irule_CAC_Required_OCSP : cert count=0 result=0

 

Jul 16 22:17:08 tmm tmm[15463]: Rule irule_CAC_Required_OCSP : gotcert = 0

 

Jul 16 22:17:12 tmm tmm[15463]: Rule irule_CAC_Required_OCSP : cert count=0 result=0

 

Jul 16 22:17:12 tmm tmm[15463]: Rule irule_CAC_Required_OCSP : gotcert = 0

 

Jul 16 22:17:19 tmm tmm[15463]: Rule irule_CAC_Required_OCSP : Clientssl_clientcert section

 

Jul 16 22:17:19 tmm tmm[15463]: Rule irule_CAC_Required_OCSP : OCSP Auth_Failure Recorded

 

Jul 16 22:17:19 tmm tmm[15463]: Rule irule_CAC_Required_OCSP : cert count=2 result=0

 

Jul 16 22:17:19 tmm tmm[15463]: Rule irule_CAC_Required_OCSP : cert count=0 result=0

 

 

That's it. Even the auth failure should have produced a response to the user and it appears that it does not go through the http request section when auth failure occurs.

 

 

Mike