For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

VernonWells's avatar
VernonWells
Icon for Employee rankEmployee
Oct 09, 2015

Here is your code formatted:

 

when HTTP_REQUEST {
    set uri [string tolower [HTTP::uri] ]
    /_hst name and ?_hst=1 parameter triggers client cert renegotiation
    if { !($renegtried) and ([SSL::cert count] == 0) and (([HTTP::uri] equals "/extern/test.jsp") or ([HTTP::uri] equal "/SO/services/dat") or ([HTTP::uri] equal "/test/services/Tasacion") or [(HTTP::uri] equal "/Ex/services/pay")) } {
        log local0. "[IP::client_addr]:[TCP::client_port]: A log entry"
        HTTP::collect
        SSL::cert mode request
        SSL::renegotiate
    }
}

 

You have some oddly placed characters (for example, "[(" and sometimes you put "equal" rather than "equals"). In any case, a switch for equality will be easier to read:

 

when HTTP_REQUEST {
    switch [HTTP::uri] {
        "/extern/test.jsp" -
        "/SO/services/dat" -
        "/Ex/services/pay" {
            if { !$renegtried && [SSL::cert count] == 0 } {
                log local0. "[IP::client_addr]:[TCP::client_port]: A log entry"
                HTTP::collect
                SSL::cert mode request
                SSL::renegotiate
            }
        }
        
    }
}

 

Note that I removed the string tolower. Ordinarily, URI paths are case-sensitive (assuming your server and filesystem are) so the conversion is of no real value. Indeed, you perform the conversion, assign the value to $uri then never reference that variable. If you really do care, you can simply substitute that back in.