Forum Discussion
Mathew_58739
Nimbostratus
NimbostratusCompare a variable to a list
I have an issue with my iRule. I am attepmting to compare a variable value to a white list of values. I have written the following iRule. However, if I place more than one value in my DataGroup, the iRule fails. Is there another way to compare a variable to a DataGroup list?
when RULE_INIT {
set appidresponse {
Application Code Error 551
Your SSL MA negotiation used an unauthorized Client Application ID.
Please validate your client certificate. (Error Code:551)
}
}
when CLIENTSSL_CLIENTCERT {
set client_cert [SSL::cert 0]
set appidcode [findstr [X509::subject $client_cert] "OU=" 10 ","]
session add ssl [SSL::sessionid] $appidcode
log local0. "Application Code = $appidcode"
}
when HTTP_REQUEST {
set appid [session lookup ssl [SSL::sessionid]]
if {$appid != [lindex $::app_id 0]}{
log local0. "Failed App ID 551: [IP::client_addr] & [X509::subject $client_cert]"
HTTP::respond 551 content [subst $::appidresponse]
}
elseif {$appid == [lindex $::app_id 0]}{
HTTP::header insert APPCERTID: "$appid"
}
}
hoolioCirrostratus
Mathew_58739I tried to use the matchclass command initially. However, it doesn't appear that the matchclass command will allow me to compare a variable to alist. One of the values used must be a fixed or specified value. The iRule engine keeps giving me the error that all variables must be proceeded by a $. But my syntax is correct according to examples. Here is my sample line...
set appid [session lookup ssl [SSL::sessionid]]
if {matchclass "$appid" != $::app_id}{
I have tried both removing and including quotes, brackets and braces to isolate the different components. It seems that the matchclass command must have one variable and one known value.- hoolioHow about:
if {not ([matchclass $appid equals $::app_id])}{
Aaron