Forum Discussion

Nimbostratus

Jul 13, 2006

convert v4.5 irules to v9.1.2 irules

We have a bigip2000 and doing some offloading for SSL-servers. We are also checking client certificates via an irule. I was used to the scripting tool in version 4.5, but TCL is somewhat else: ...

Jul 13, 2006

In v.9.x, you would use the matchclass to replace the "one of" command in v4.x. You'll have to create a Data Group called ccert_ok with the acceptable values.

when HTTP_REQUEST {
  set hdr [HTTP::header "SSLClientCertStatus"]
  if { [matchclass $hdr equals $::ccert_ok] } {
    pool Portal-apps
  } elseif { $hdr equals "NoClientCert" } {
    HTTP::redirect "https://portal.rdc.nl/errors/nocert.htm"
  } else {
    HTTP::redirect "https://portal.rdc.nl/errors/cert_error.htm"
  }
}

Just keep in mind that the equals command is case sensitive, so you might want to make all the strings lower case in your ccert_ok data group and then wrap the HTTP::header command with a "string tolower" command to convert the header to lowercase. But, if you know that case won't be an issue, then just leave it as is.

Hope this helps...

-Joe

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)