Forum Discussion

Nimbostratus

Jan 11, 2007

iRule example to extract specific X509 information: SOL5171

I can't get this iRule to work. The variable $sn in the HTTP_REQUEST section does not have a value. It is working in the CLIENTSSL_CLIENTCERT section. Variables do not seem t...

Historic F5 Account

Feb 21, 2007

If it were me, I would create a class of URIs (assuming you have more than 10-15 or so, otherwise an if/else chain or switch is more efficient), and check to see if the incoming URI is in that class. On success, I'd force the cert mode to require.

It would look something like this (assuming you created a class of desired URIs as "certURIs"):


when HTTP_REQUEST {
  if { [matchclass [HTTP::uri] starts_with $::certURIs] } {
    SSL::authenticate always
    SSL::authenticate depth 9
    SSL::cert mode require
    SSL::renegotiate
  }
}

Which is distilled from this earlier post where a community member got a slightly more involved version of the above working: Click here

HTH,

Colin

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

iRule example to extract specific X509 information: SOL5171

Recent Discussions

MAC address of deleted VS IP address still responsive

Different common name ssl acces 403 forbiddent

dynamic signature detection

DNS HM Probe issue

F5 looses the token for the first call

Related Content

OCSP HTTP Header Specification/Example or field name of EDIPI?

Example of Static Variables with Virtual Server specific settings

Gy Diameter irule example

Suds Python Example

Find CVE information on AskF5

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS