For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Soap_111722's avatar
Soap_111722
Icon for Nimbostratus rankNimbostratus
Oct 27, 2015

CertChk + Redirect

Looking for an iRule to use that will check for a specific machine CERT and if not found redirect to a custom URL. Any help is appreciated it. Thank you.  
application delivery
design
devops
iRules
LTM
Brad_Parker's avatar
Brad_Parker
Icon for Cirrus rankCirrus
Oct 27, 2015

Something like this could do the trick. You may have to tweak to your needs. You will also need to set your client auth in your client SSL profile to request.

https://devcentral.f5.com/wiki/iRules.X509__subject.ashx

https://devcentral.f5.com/wiki/iRules.SSL__cert.ashx

when HTTP_REQUEST {
    if {[SSL::cert count] > 0}{
        set cert_subject [X509::subject [SSL::cert 0]]
        if {$cert_subject equals "CN..."}{
            return
        }
        else {
            if cert doesn't contain required subject, redirect
            HTTP::respond 302 noserver Location "https://someurl"
        }
    }
    else {
        if no cert presented, redirect
        HTTP::respond 302 noserver Location "https://someurl"
    }
}
Soap_111722's avatar
Soap_111722
Icon for Nimbostratus rankNimbostratus
Oct 27, 2015
Yes, they are and that is the problem.