Irule explanation

Question

Hi can some explain what the following Irule is looking to do&nbsp;when CLIENTSSL_CLIENTCERT {&nbsp;&nbsp;if { [SSL::cert 0] ne "" }{&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;if { not [class match -- [X509::subject [SSL::cert 0]] contains [virtual name]_cert_dgl] } {&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;reject&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;}&nbsp;} else { reject }}&nbsp;thanks&nbsp;Andrew

lidev · Answer

Hi,in brief, this irules checks the CN of the X509 certificate in order to verify if it's present in the DataGroup [virtual name]_cert_dg , if not compliant it rejects the call.&nbsp;More details here : https://clouddocs.f5.com/api/irules/X509__subject.htmlhttps://clouddocs.f5.com/api/irules/SSL__cert.html&nbsp;Regards

Forum Discussion

Irule explanation

Recent Discussions

BIG-IP Oauth Client and AS

F5 BOT DEFENSE AWAF blocked some legitimate browsers

Advice to partial rename uri path

In Radius auth, how to allow second attempt of token input when the first input is incorrect?

Submenus missing in ASM Security Tab

Related Content

Explanation of F5 DDoS threshold modes

Hands-on Explanation of Kubernetes Role-Based Access Control

iRules Style Guide

BIG-IP Next: iRules pool routing

explanation about tmm usage

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS