Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Forum Discussion

Prakash_Jayaram's avatar
Prakash_Jayaram
Icon for Nimbostratus rankNimbostratus
Sep 28, 2015

How to retrive ssl client certificate from HTTP header

I have a scenario where actual ssl client certficate is already inserted inside the HTTP header. How can I make the F5 to look inside the HTTPheader for actual ssl client certificate?  
application delivery
deployment
design
LTM
Hannes_Rapp's avatar
Hannes_Rapp
Icon for Nimbostratus rankNimbostratus
Sep 29, 2015

Hello,

According to SSL standard, client has to be present the authentication certificate during the SSL handshake. Your request would only be doable with an iRule solution. Even then, you will allow all clients to complete the SSL handshake, and decide to drop some of them who do not present the required HTTP header with a correct value. Essentially, you're building a L7 whitelist solution where client access rights are determined by the value of a HTTP header.

To help you get started: The function to return the value of a particular HTTP header is 

[HTTP::header value {MyHeader}]

when HTTP_REQUEST {

  log local0. "The value of HTTP header MyHeader is <[HTTP::header value {MyHeader}]>"
   Results are logged to /var/log/ltm. If the value is blank, the header was not found in client request.

}

Once you are at a point where you can see the actual certificates being logged to /var/log/ltm as the value of a HTTP header, I can help with the next step which is building a whitelist component of the iRule.