Forum Discussion
mikegray_198028
Jan 20, 2017 (Cirrus)
irule help
Hello Team,
I am looking for an iRule for the below scenario.
https://www.example.com/user1 > for this user will submit client certificate with cn=user1 LB should accept this connection and rej...
IheartF5_45022
Jan 23, 2017 (Nacreous)
Only the leaf cert, [SSL::cert 0], is used for client SSL checking. This should also work:
    when HTTP_REQUEST {
        # Look up the Common Name required for this path in the data group
        set cn [class match -value [HTTP::path] starts_with dg_path_common_name_mapping]
        if {$cn ne ""} {
            # Client certificate is required for this path
            if {![SSL::cert count]} {
                HTTP::respond 403 content "Client certificate required" noserver
                return
            } elseif {!([X509::subject [SSL::cert 0]] contains $cn)} {
                # Client cert doesn't match required Common Name
                # (contains is a substring test against the whole subject string)
                HTTP::respond 403 content "Client certificate does not match required name $cn" noserver
                return
            }
        }
    }
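The iRule above compares with `contains`, which is a substring test over the whole subject string, so a required name of `user1` also passes for a certificate whose CN is `user10` or whose OU is `user1`. The following is an added example, not code from the thread: plain Tcl that extracts the CN and compares it exactly. The proc names `subject_cn` and `cn_matches` are hypothetical, and the subject string format (attribute=value pairs separated by `,` or `/`) and the sample subjects are assumptions constructed for illustration.

```tcl
# Added example: exact Common Name comparison for a subject DN string.
# Assumption: the subject is a flat string of attr=value pairs separated by
# "," or "/" (for example "CN=user1,OU=Staff,O=Example Corp"). Values that
# contain escaped separators are not handled; the first CN found is used.

# Return the CN value from a subject string, or "" if none is present.
proc subject_cn {subject} {
    foreach rdn [split $subject ",/"] {
        set rdn [string trim $rdn]
        set eq [string first "=" $rdn]
        if {$eq < 1} { continue }
        set attr [string trim [string range $rdn 0 [expr {$eq - 1}]]]
        if {[string equal -nocase $attr "CN"]} {
            return [string trim [string range $rdn [expr {$eq + 1}] end]]
        }
    }
    return ""
}

# True only when the certificate CN is exactly the required name
# (case-sensitive; an empty or missing CN never matches).
proc cn_matches {subject required} {
    set cn [subject_cn $subject]
    return [expr {$cn ne "" && [string equal $cn $required]}]
}

# Constructed sample subjects (not taken from the thread).
set samples {
    "CN=user1,OU=Staff,O=Example Corp,C=US"
    "CN=user10,OU=Staff,O=Example Corp,C=US"
    "CN=admin,OU=user1,O=Example Corp,C=US"
    "/C=US/O=Example Corp/OU=Staff/CN=user1"
}

# Show the substring result next to the exact-CN result for each subject.
foreach s $samples {
    set substring [expr {[string first "user1" $s] >= 0}]
    set exact [cn_matches $s "user1"]
    puts [format "%-42s substring=%d exact=%d" $s $substring $exact]
}
```

In an iRule, the subject passed to the comparison would be the value of `[X509::subject [SSL::cert 0]]` and the required name would be the data group value `$cn`.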