Forum Discussion
Hille_de_Graaf_
Nimbostratus
Nimbostratusconvert v4.5 irules to v9.1.2 irules
We have a bigip2000 and doing some offloading for SSL-servers. We are also checking client certificates via an irule. I was used to the scripting tool in version 4.5, but TCL is somewhat else:
In 4.5 we use the following irule:
==========
if (http_header("SSLClientCertStatus") == one of ccert_ok) {
use pool Portal-apps
}
else if (http_header("SSLClientCertStatus") == "NoClientCert") {
redirect to "https://portal.rdc.nl/errors/nocert.htm"
}
else {
redirect to "https://portal.rdc.nl/errors/cert_error.htm"
}
=========
ccert_ok is a class that checks on two values
Can anybody help me or point me out what the irule should be in version 9
Thanks in advanced
1 Reply
- In v.9.x, you would use the matchclass to replace the "one of" command in v4.x. You'll have to create a Data Group called ccert_ok with the acceptable values.
when HTTP_REQUEST { set hdr [HTTP::header "SSLClientCertStatus"] if { [matchclass $hdr equals $::ccert_ok] } { pool Portal-apps } elseif { $hdr equals "NoClientCert" } { HTTP::redirect "https://portal.rdc.nl/errors/nocert.htm" } else { HTTP::redirect "https://portal.rdc.nl/errors/cert_error.htm" } }
Just keep in mind that the equals command is case sensitive, so you might want to make all the strings lower case in your ccert_ok data group and then wrap the HTTP::header command with a "string tolower" command to convert the header to lowercase. But, if you know that case won't be an issue, then just leave it as is.
Hope this helps...
-Joe
