Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Forum Discussion

Hille_de_Graaf_'s avatar
Hille_de_Graaf_
Icon for Nimbostratus rankNimbostratus
Jul 13, 2006

convert v4.5 irules to v9.1.2 irules

We have a bigip2000 and doing some offloading for SSL-servers. We are also checking client certificates via an irule. I was used to the scripting tool in version 4.5, but TCL is somewhat else:   ...
application delivery
dev
devops
irules
Joe_Pruitt's avatar
Joe_Pruitt
Jul 13, 2006
In v.9.x, you would use the matchclass to replace the "one of" command in v4.x. You'll have to create a Data Group called ccert_ok with the acceptable values.

when HTTP_REQUEST {
  set hdr [HTTP::header "SSLClientCertStatus"]
  if { [matchclass $hdr equals $::ccert_ok] } {
    pool Portal-apps
  } elseif { $hdr equals "NoClientCert" } {
    HTTP::redirect "https://portal.rdc.nl/errors/nocert.htm"
  } else {
    HTTP::redirect "https://portal.rdc.nl/errors/cert_error.htm"
  }
}

Just keep in mind that the equals command is case sensitive, so you might want to make all the strings lower case in your ccert_ok data group and then wrap the HTTP::header command with a "string tolower" command to convert the header to lowercase. But, if you know that case won't be an issue, then just leave it as is.

Hope this helps...

-Joe