Cisco2F5_16233
Dec 14, 2011 Nimbostratus
iRule help
My name is Will. I just finished both my F5 classes, Essentials - V10v and Advanced Topics - V10. Now I am being thrown into the fire, as they say, and I need some help with this iRule.
What this iRule should do is:
"sets a variable called cert to the cert that comes in.....
uses that to set session persistence for 180 seconds.
sets another variable called clientip from the connected IP...
then some logging: if the variable cert isn't empty, add a log that says cert sent.
else, i.e. if it is empty, set a log that says no cert."
This is what it was in v9, and it worked perfectly:
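when CLIENTSSL_CLIENTCERT {
    # Grab the first certificate the client presented in the handshake
    set cert [SSL::cert 0]
    # Store it in the session table, keyed by SSL session ID, for 180 seconds
    session add ssl [SSL::sessionid] $cert 180
    set clientip [IP::remote_addr]
    if { $cert ne "" } {
        log local0. "iRULE:ClientIP:$clientip | Status: Cert Sent"
    } else {
        # No certificate: log it and drop the connection
        log local0. "iRULE:ClientIP:$clientip | Status: No Cert"
        reject
        return
    }
}
when HTTP_REQUEST {
    # Look up the certificate stored for this SSL session
    set client_cert [session lookup ssl [SSL::sessionid]]
    set hash [X509::hash $client_cert]
    if { [info exists hash] } {
        # Pass the certificate hash to the server in the NETWORK_ALIAS header
        HTTP::header replace NETWORK_ALIAS $hash
        log local0. "iRULE:Inserting HTTP header client $clientip Cert Hash: $hash"
    }
}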
Now this iRule no longer works in v10.
Thank you in advance for your help!