Forum Discussion
MW1
Cirrus
CirrusCan this be done all in one Irule? - post rewrite, response rewrite , client cert auth / redirect & post reply + remember the orginal values
All,
I've been asked if I can:
1) rewrite a users login POST request to a web site, to insert a value (a remember me value) & remember the setting the user orginally choose.
2) Query the set cookie request that comes back from the webserver for one of the values (numerical string) and if it matches a "blacklist" (ie certain value) perform a client certificate authentication before proceeding or if not possible redirect the user to a different URI which is configured for this & at the same time reply back to the backend server (with the cookies to identify the user ) a post request ot log the user out of their session.
3) If the the client certificate check is performed on the without logging the user out above delete two values in the set cookie (username and ID which is set by the remember me setting) request that is sent to back to the user only if they did not set the remember me value.
I've seen examples of bits of the above but can this be achieved in one Irule? If not does anyone have a recommend way of storing the original value of the remember me setting between step number 1 to number 3?
thanks
hoolioCirrostratus
Hi MW,
That sounds very complicated but potentially doable. I spent a little time trying to renegotiate an SSL handshake on an HTTP response and it didn't seem to work. So if you can, it might be easier to redirect clients in step 2 to a new URL that you request a client cert for. You could combine that cert request with an HTTP::retry to kill the client's session.
I'd set aside a fair amount of time to write such a rule. It would be ideal if you could upgrade to 10.1.0 or 10.2.0 so you have a current version to work on.
Aaron