Forum Discussion
Andreia
Cirrus
Cirrus[HELP PLEASE!] Client Certificate Validation based on URI
Hello! I need help making an iRule that does the following: 1 - if the request goes to "/auth" the client's certificate is not validated, but when BIG-IP forwards a request to the API server in the...
AndreiaCirrus
CirrusI did the test again on "In Private" mode. Look what logs reported:
Feb 15 10:48:28 err tmm1[16269]: 01220001:3: TCL error: /Common/irule_auth-opin-dev_v2 <HTTP_REQUEST> - can't read "error_strign": no such variable while executing "HTTP::respond 403 content "<html>Invalid client certificate: ${error_strign}</html>""
Feb 15 10:48:28 info tmm6[16269]: 01220002:6: Rule /Common/irule_auth-opin-dev_v2 <HTTP_REQUEST>: Certificate required for: /xyz/abc/customers/management/health
Feb 15 10:48:28 err tmm6[16269]: 01220001:3: TCL error: /Common/irule_auth-opin-dev_v2 <HTTP_REQUEST> - can't read "error_strign": no such variable while executing "HTTP::respond 403 content "<html>Invalid client certificate: ${error_strign}</html>""
Can you help?
Thank you!
AndreiaCirrus
CirrusI fixed the ${error_strign} to ${error_string} and now I'm receving connection reset when I do a request to another URI that is not /auth. For /auth URI goes Ok!
I'm sorry for a lot of answers it's because I'm reporting while I'm doing the tests.
- Paulius
MVP
Andreia No worries at all. Is it working the way you would expect now? Sorry for the typing error on "error_string" but good job fixing that.
- Andreia
Hi, Paulius!
Unfortunately not 😞
Now I'm receiving "Connection Reset" on browser.
I will try to do the opposite: do all the configuration on the SSL Client Profile works, and, when the request starts with /auth will disable the need to validate the client certificate.Wish me luck! LOL
Thanks a lot!
