For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

CREDCO_17916's avatar
CREDCO_17916
Icon for Nimbostratus rankNimbostratus
Apr 07, 2008

HTTPS URI re-direct and client certs

Hi,     I'm trying to create an iRule that parses a URI and sends the request to 1 of 2 pools based on the URI. Very straight forward. The first URI listed below requires a Client Cert. The s...
application delivery
dev
devops
iRules
hoolio's avatar
hoolio
Icon for Cirrostratus rankCirrostratus
Apr 08, 2008
Hello,

 

 

Are you wanting the client to present a cert on the client - VIP connection? Or do you want the BIG-IP to use the same client cert regardless of what the client includes in it's request?

 

 

If the former, you can use a client SSL profile with client cert set to request or require. You can use an iRule to parse the client cert and insert it into an HTTP header. You need to add an HTTP profile in order to insert an HTTP header using an iRule. The application would parse this HTTP header to determine whether the request is valid. There is an example of the iRule in the Codeshare (Click here). If you want to do validation of the client cert in a rule, you can start with this example (Click here).

 

 

If you want to have the BIG-IP use a single client cert in all requests made to the pool, you can configure this in a server SSL profile. For details on this, check the LTM configuration guide for your version on AskF5.com.

 

 

Aaron