Forum Discussion
turki_aldosseri
Nimbostratus
Sep 21, 2017
Control the traffic by client certificate with the use of iRules
I want to know if I can use iRules to switch between application servers by client certificates.
And if I can, can you tell me how, or give me a reference to read?
Thank you.
- Lee_Sutcliffe
Nacreous
This might be something to get you started. What it does is read information from a client certificate (if one is present) into the session table. You can then use the list element in HTTP_REQUEST to search for something, perhaps a CN, which will be contained in the X509 Subject field, and select a pool based on this lookup.
```tcl
when CLIENTSSL_CLIENTCERT {
    # Cache details of the presented client certificate, keyed by SSL session ID
    if { [SSL::cert count] > 0 } {
        session add ssl [SSL::sessionid] [list \
            [SSL::verify_result] \
            [X509::issuer [SSL::cert 0]] \
            [X509::not_valid_before [SSL::cert 0]] \
            [X509::not_valid_after [SSL::cert 0]] \
            [X509::subject [SSL::cert 0]] \
            [X509::serial_number [SSL::cert 0]] \
        ] 7200
    }
}

when HTTP_REQUEST {
    if { [SSL::sessionid] ne "" } {
        set session_data [session lookup ssl [SSL::sessionid]]
        # check if element 0 = 0 "valid SSL cert"
        if { [lindex $session_data 0] eq 0 } {
            # element 4 is the X509 subject; CertificateCN_A is the data group it is matched against
            if { [class match "[lindex $session_data 4]" contains "CertificateCN_A"] } {
                pool applicationPoolA
            } else {
                pool applicationPoolB
            }
        }
    }
}
```
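A stricter variant of the rule above, added here as an example and not part of Lee_Sutcliffe's post: it extracts the CN attribute from the stored subject and requires an exact data-group match, because `contains` on the whole subject also matches the same text inside a longer CN or another attribute, and it refuses requests that arrive without a validated certificate. The data group `client_cn_pools_dg` (exact CN mapped to a pool name) is hypothetical, and the comma-separated `CN=...` subject layout is an assumption to confirm on your TMOS version.

```tcl
# Added example, not from the original thread.
# Assumptions: string data group client_cn_pools_dg (hypothetical) maps an
# exact CN to a pool name; X509::subject returns "CN=...,OU=...,O=..." text.
when CLIENTSSL_CLIENTCERT {
    # Store only what routing needs: verify result and leaf certificate subject
    if { [SSL::cert count] > 0 } {
        session add ssl [SSL::sessionid] [list \
            [SSL::verify_result] \
            [X509::subject [SSL::cert 0]] \
        ] 7200
    }
}

when HTTP_REQUEST {
    set session_data ""
    if { [SSL::sessionid] ne "" } {
        set session_data [session lookup ssl [SSL::sessionid]]
    }
    # Fail closed: no stored certificate data, or chain validation did not return 0
    if { $session_data eq "" || [lindex $session_data 0] != 0 } {
        HTTP::respond 403 content "Client certificate required"
        return
    }
    # Isolate the CN attribute instead of searching the whole subject string.
    # Simple split: does not handle escaped commas inside attribute values.
    set cn ""
    foreach rdn [split [lindex $session_data 1] ","] {
        set rdn [string trim $rdn]
        if { [string match -nocase "CN=*" $rdn] } {
            set cn [string range $rdn 3 end]
            break
        }
    }
    # Exact match against the data group; the value is the pool to use
    set target [class match -value -- $cn equals client_cn_pools_dg]
    if { $target ne "" } {
        pool $target
    } else {
        # Validated certificate with an unlisted CN: default pool from the answer above
        pool applicationPoolB
    }
}
```

Routing on the CN is only as trustworthy as the client SSL profile's trusted CA bundle, so keep that bundle limited to the CA that issues these client certificates.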