Forum Discussion

mikegray_198028's avatar
mikegray_198028
Icon for Cirrus rankCirrus
Jan 20, 2017

irule help

Hello Team, I am looking for irule for the below scenario. https://www.example.com/user1 > for this user will submit client certificate with cn=user1 LB should accept this connection and rej...
application delivery
iRules
LTM
JG's avatar
JG
Icon for Cumulonimbus rankCumulonimbus
Jan 20, 2017

Here's one in its simplest form:

when CLIENTSSL_CLIENTCERT {
    set subject_dn 0
     Check if client provided a cert
    if { [SSL::cert count] > 0 } {
        set subject_dn [X509::subject [SSL::cert 0]]
    }
}

when HTTP_REQUEST {
    set user_in_path [string trim [HTTP::uri] "/"]
    if { ! ($subject_dn contains "cn=$user_in_path") } {
        reject
    }
}