Forum Discussion
Expression help
Hi all,
I need a little help with an expression aimed to reduce rule clutter and I haven't been able to get it working properly. Basically what I'm checking for is if URI is accessed check for specific CN of client certificate, then allow.
expr { [mcget {session.server.landinguri}] eq "/URI_01" && [mcget {session.ssl.cert.subject}] contains "mycert.certificate.com" }
Unfortunately I have a lot of URIs, but they mostly check for the same certificate. So I tried using a starts_with /URI but it doesn't seem to work and all attempts to that URI end up with a deny.
expr { [mcget {session.server.landinguri}] starts_with "/URI" && [mcget {session.ssl.cert.subject}] contains "mycert.certificate.com" }
What that should do is allow access to /URI_01, /URI_02, /URI_03, and so on, with just one rule. But it doesn't and only when I specifically name the URI in its own rule does it work.
The ACLs for the URI paths are good with a wildcard, so I have an L7 ACL that allows /URI* and that works but the actual access policy doesn't work with one rule.
Does anyone see what I'm missing? Thanks in advance!
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com