Forum Discussion
Jacob_Miller_61
Nimbostratus
NimbostratusInserting Client CERT headers in Version 9
I was hoping to test the insertion of headers in version 9. Maybe I'm just too thick to figure it all out, but I need some help. I would like a rule to insert the CLIENT HTTP headers similar to the way they were inserted in version 4.6.2. I was hoping it was something simple like:
when HTTP_REQUEST {
HTTP::header insert ORIG_CLIENT_IP [IP::remote_addr]
HTTP::header insert_modssl_fields {subject, issuer}
}
but all I get is complaints from the gui that I have not supplied enough arguments or maybe I have too many arguments, it just says "wrong number of arguments". The manual doesn't seem to have any listing of valid options. And the syntax in the manual is hard to decipher (there doesn't seem to be a syntax key anywhere).
Could someone point me in the right direction. Ii basically want all the info that I got in version 4.6, and I don't care if the client cert is valid or not, just dump the headers in modSSL format.
Thanks,
Jake
- The format for that command has chaged slightly in version 9.0. Give this a try.
set c [SSL::cert 0] HTTP::header insert [X509::cert_fields $c [SSL::verify_result] subject issuer]
Here are all the options that we support ...“versionnum” – Client certificate version number “serial” – Client cert serial number “sigalg” – Client cert signature algorithm “issuer” – Client cert issuer “validity” – Client certificate validity “subject” – Client certificate subject “subpubkey” – Client certificate subject public key “hash” – Client certificate hash 
Jacob_Miller_61Thank you, Thank you, Thank you.
That seems to work and has kept me from smashing my head into my desktop.
Jake
