Forum Discussion
Ron_Kim_110696
Jan 11, 2007 | Nimbostratus
iRule example to extract specific X509 information: SOL5171
I can't get this iRule to work.
The variable $sn in the HTTP_REQUEST section does not have a value.
It is working in the CLIENTSSL_CLIENTCERT section.
Variables do not seem t...
Ron_Kim_110696
Feb 21, 2007 | Nimbostratus
Thanks Colin.
Questions:
Will the below work?
Do we need to initialize the variables in the beginning of the rule?
What happens if a hacker inserted his own HTTP header inserts?
Where and how would I add the ability to check for "X509::verify_cert_error_string" and do a redirect if there is an error?
===================================
class certURIs {
"/uri1/"
"/uri2/"
"/uri3/"
"/uri4/"
}
===================================
when HTTP_REQUEST {
    if { [matchclass [HTTP::uri] starts_with $::certURIs] } {
        SSL::authenticate always
        # why not 'SSL::authenticate once' ??
        SSL::authenticate depth 9
        SSL::cert mode request
        SSL::renegotiate
    }
}
when CLIENTSSL_CLIENTCERT {
    set cert [SSL::cert 0]
    set sn [X509::serial_number $cert]
    set subject [X509::subject $cert]
    set issuer [X509::issuer $cert]
    set version [X509::version $cert]
    session add uie [SSL::sessionid] [list $sn $issuer $subject $version] 1800
    log local0. "in SSLid_F5 [SSL::sessionid]"
}
when HTTP_REQUEST {
    set values [session lookup uie [SSL::sessionid] ]
    if { [lindex $values 0] != "" } {
        HTTP::header insert ClientSSL_Serial_F5 [lindex $values 0]
        log local0. "in inserting Serial_F5 [lindex $values 0]"
        HTTP::header insert ClientSSL_Issuer_F5 [lindex $values 1]
        log local0. "in inserting Issuer_F5 [lindex $values 1]"
        HTTP::header insert ClientSSL_Subject_F5 [lindex $values 2]
        log local0. "in inserting Subject_F5 [lindex $values 2]"
        HTTP::header insert Version_F5 [lindex $values 3]
        log local0. "in inserting Version_F5 [lindex $values 3]"
    }
}
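Added example, not part of the post above and not F5's SOL5171 code: one way to handle the two open questions, client-supplied copies of the inserted headers and a redirect on a certificate verification error. The error page path `/cert-error.html` and the fifth list element that carries the verify code are assumptions made for this sketch; the renegotiation logic from the post is left out.

```tcl
when CLIENTSSL_CLIENTCERT {
    # No certificate presented: nothing to store for this SSL session.
    if { [SSL::cert count] == 0 } { return }
    set cert [SSL::cert 0]
    # 0 means the chain verified; any other value is an X509 error code.
    set vcode [SSL::verify_result]
    # Same session-table entry as in the post, plus the verify code (assumed layout).
    session add uie [SSL::sessionid] [list \
        [X509::serial_number $cert] [X509::issuer $cert] \
        [X509::subject $cert] [X509::version $cert] $vcode] 1800
}

when HTTP_REQUEST {
    # Remove every copy of these headers that arrived from the client, so the
    # back end only ever sees values written by this rule.
    foreach h {ClientSSL_Serial_F5 ClientSSL_Issuer_F5 ClientSSL_Subject_F5 Version_F5} {
        HTTP::header remove $h
    }

    set values [session lookup uie [SSL::sessionid]]
    # No stored certificate data: forward the request without identity headers.
    if { [llength $values] < 5 } { return }

    set vcode [lindex $values 4]
    if { $vcode != 0 } {
        log local0. "client cert rejected: [X509::verify_cert_error_string $vcode]"
        # Assumed error page; replace with a real location outside certURIs.
        HTTP::redirect "https://[HTTP::host]/cert-error.html"
        return
    }

    HTTP::header insert ClientSSL_Serial_F5  [lindex $values 0]
    HTTP::header insert ClientSSL_Issuer_F5  [lindex $values 1]
    HTTP::header insert ClientSSL_Subject_F5 [lindex $values 2]
    HTTP::header insert Version_F5           [lindex $values 3]
}
```

The header removal runs on every request, including those with no client certificate, so a back end that trusts these header names never receives a value the client chose.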