Forum Discussion

Historic F5 Account

Oct 12, 2006

ClientSSL_clientCert variables not avail in HTTP_Request

Hi All, I am working on an iRule that inserts the client certificate issuer and subject fields as a header for a terminated application. The following rule passes syntax checking, thou I see the log...

SIRT

Oct 22, 2006

I don't think setting a global variable will work in this case, as each new client connection will update the global variable, which will result in using the last connection's cert info for each HTTP request.

Indeed - I think it's best to serialise the cert data into the session table with a "session add " (I think that's the right parameters from memory), and then look the data up in the HTTP_REQUEST event.

I think the CLIENTSSL_CLIENTCERT event will only be triggered once per initial SSL negotiation (so SSL resumes won't fire it), so you only populate the session table once per client.

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

ClientSSL_clientCert variables not avail in HTTP_Request

The New F5 Certified BIG-IP Administrator Certification Exams Now Live

F5 Academies Are Back – And We’re Coming to a City Near You

Recent Discussions

master key file on vcmp guest HA Cluster different?

F5 Health Monitor Receive String as JSON

Rewrite content in XML schema file.

DNS Request to VS?

Guide for exam 402 F5 Certified Solution Expert

Related Content

iRules variables in BIG-IP Next: behavior change

iRule variable

2 IRules with "when HTTP_REQUEST"

APM Session Variable Logging

Scope of variables when using call

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS