Forum Discussion
Nitin2014_16246
Nimbostratus
Nimbostratusclient authentication (request) & irule
I have to check for 2 conditions when the client authentication fails & if its false then pass it to a pool, but its not working. is there another way to do this?
when CLIENTSSL_CLIENTCERT { set clientcert [SSL::verify_result]
log local0. "client=$clientcert"
} when HTTP_REQUEST { if {$clientcert != 0} || {[HTTP::header "User-Agent"] contains "iOS" and [HTTP::header "x-access-key"]} { HTTP::redirect http://www.xyz.com/ } else { pool Pool_Name } }
Stanislas_Piro2Cumulonimbus
Look at this code, it manage certificate client auth and display the CN of the user.
As you can see, HTTP_REQUEST event is not evaluated after Client cert auth.
when CLIENTSSL_CLIENTCERT { if {[SSL::cert count] < 1}{ reject } else { HTTP::release array set subject [ split [string map {"\\," "," " , " "|" ", " "|" " ," "|" "," "|" "\\=" "=" " = " "|" "= " "|" " =" "|" "=" "|"} [X509::subject [SSL::cert 0]]] "|"]; } } when HTTP_REQUEST { Check authentication mode selected in previous HTTP_REQUEST event if { [SSL::cert count] == 0 } { if there is no client certificate hold the HTTP request till the SSL re-negotiation is done. HTTP::collect SSL::session invalidate SSL::authenticate always SSL::authenticate depth 9 SSL::cert mode require SSL::renegotiate set request_headers [HTTP::request] } else { This code is not evaluated during the first request asking for authentication log local0. "Subject : $subject(CN)" HTTP::respond 200 content " Authenticated You are authenticated successfuly : $subject(CN) " noserver } } when HTTP_REQUEST_RELEASE { if { [info exists subject] } { log local0. "Subject : $subject(CN)" HTTP::respond 200 content " Authenticated You are authenticated successfuly : $subject(CN) " noserver } }