Forum Discussion

mikegray_198028

Cirrus

Jan 20, 2017

irule help

Hello Team, I am looking for irule for the below scenario. https://www.example.com/user1 > for this user will submit client certificate with cn=user1 LB should accept this connection and rej...

Cumulonimbus

Jan 23, 2017

Hi,

you can use this irule:

when CLIENTSSL_HANDSHAKE {
  if {![info exists username]} {set username ""}
}

when CLIENTSSL_CLIENTCERT {
     Check if client provided a cert
    if { [SSL::cert count] > 0 } {
        set username [regsub -all ".*CN=(.\[^,\]*),.*$" [X509::subject [SSL::cert 0]] {\1}]
    }
}

when HTTP_REQUEST {
    if {[HTTP::uri] equals /} {
        HTTP::redirect "/$username"
    }elseif { !([HTTP::uri] starts_with "/$username") } {
        HTTP::respond 403 content {
            
            Not authorized
            You are not autorized to access this website
            
        } noserver
    }
}

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

irule help

Recent Discussions

ports are showing open on online scanning tool

Upgrade F5 BIGIP

DNS HM Probe issue

Is XFF a must for ASM WAF DoS

Switch ssl profile based on weak cipher detection via IRULE

Related Content

irule ports

SSL Heartbleed iRule update

iRule help.

Redirect rewrite iRule

iRule redirection

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS