Forum Discussion
Ganesh_Sanap_23
Nimbostratus
Mar 01, 2017Irule Redirection for different host
Hi,
I need to write down an irule which states if traffic come for CN:abc.com it should redirect "def.com" and for CN tuv.com traffice goes to xyz.com.
Current Irule on LB:
This iRule...
svs
Cirrostratus
Mar 02, 2017This doesn't make sense to me. Why do you check the CN from a client certificate to decide on the pool of the connection? Did I get correctly? I'm not sure...
May this be, what you're looking for?
when CLIENTSSL_CLIENTCERT {
Check if client provided a cert
if {[SSL::cert 0] eq ""}{
Reset the connection
reject
} else {
Check if the client certificate contains the correct CN
log local0. "Client Certificate: [X509::subject [SSL::cert 0]]"
if { ([class match [X509::subject [SSL::cert 0]] contains F5_cn_list]) } {
log local0. "Forward to def.com pool"
pool pool_def.com
} elseif { ([class match [X509::subject [SSL::cert 0]] contains F5_cn_list2]) } {
log local0. "Forward to xyz.com pool"
pool pool_xyz.com
} else {
log local0. "No Matching Client Certificate Was Found Using: [X509::subject [SSL::cert 0]]"
reject
}
}
}
I absolutely agree with Patrik. Please use the correct format options, otherwise no one will be willing to read your "question".
Greets, svs
Recent Discussions
Related Content
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects