Forum Discussion

Nimbostratus

Oct 03, 2017

How do I modify header fields on additional sockets?

I added an iRule to capture the x509 CN name form a CAC and insert it in the header (see below)- when CLIENTSSL_CLIENTCERT { set debug 0 if {[SSL::cert 0] eq ""}{ reject } el...

Cirrus

Oct 10, 2017

CLIENTSSL_CLIENTCERT is triggered when BIG-IP receives certificate message from the client. I think it happens at the time of new SSL handshake process.

You can use a session table to store the client cert / subject field using client IP address as key. Later in the HTTP request when you see the client IP retrieve the value from the table and insert it in the header.

Check this out if it helps https://devcentral.f5.com/articles/irules-101-12-the-session-command

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

How do I modify header fields on additional sockets?

Jonathan - March 2026 Featured Member

F5 AppWorld 2026 Las Vegas - iRules Contest Winners!

2026 F5 DevCentral MVP Announcement

Recent Discussions

CPU load when Prometheus is scraping metrics from F5 BIG-IP LTM

Connection Rate Limit with log output

syslog over tcp and define management IP as source

Managing iRules configuration

Recommendation for Adv. Lab

Related Content

iRule to modify a content-security-policy header

ASM custom response page add additional information

HTML5 Web Sockets Changes the Scalability Game

modified domain cookies

Modifying iCall from TMSH

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS