Forum Discussion
VernonWells
Oct 09, 2015Employee
Here is your code formatted:
when HTTP_REQUEST {
set uri [string tolower [HTTP::uri] ]
/_hst name and ?_hst=1 parameter triggers client cert renegotiation
if { !($renegtried) and ([SSL::cert count] == 0) and (([HTTP::uri] equals "/extern/test.jsp") or ([HTTP::uri] equal "/SO/services/dat") or ([HTTP::uri] equal "/test/services/Tasacion") or [(HTTP::uri] equal "/Ex/services/pay")) } {
log local0. "[IP::client_addr]:[TCP::client_port]: A log entry"
HTTP::collect
SSL::cert mode request
SSL::renegotiate
}
}
You have some oddly placed characters (for example, "[(" and sometimes you put "equal" rather than "equals"). In any case, a switch for equality will be easier to read:
when HTTP_REQUEST {
switch [HTTP::uri] {
"/extern/test.jsp" -
"/SO/services/dat" -
"/Ex/services/pay" {
if { !$renegtried && [SSL::cert count] == 0 } {
log local0. "[IP::client_addr]:[TCP::client_port]: A log entry"
HTTP::collect
SSL::cert mode request
SSL::renegotiate
}
}
}
}
Note that I removed the string tolower. Ordinarily, URI paths are case-sensitive (assuming your server and filesystem are) so the conversion is of no real value. Indeed, you perform the conversion, assign the value to $uri then never reference that variable. If you really do care, you can simply substitute that back in.