F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

Ganesh_Sanap_23's avatar
Ganesh_Sanap_23
Icon for Nimbostratus rankNimbostratus
Mar 01, 2017

Irule Redirection for different host

Hi,   I need to write down an irule which states if traffic come for CN:abc.com it should redirect "def.com" and for CN tuv.com traffice goes to xyz.com.   Current Irule on LB:   This iRule...
application delivery
iRules
svs's avatar
svs
Icon for Cirrostratus rankCirrostratus
Mar 02, 2017

This doesn't make sense to me. Why do you check the CN from a client certificate to decide on the pool of the connection? Did I get correctly? I'm not sure...

May this be, what you're looking for?

when CLIENTSSL_CLIENTCERT {

     Check if client provided a cert
    if {[SSL::cert 0] eq ""}{ 
         Reset the connection
        reject
    } else { 
        Check if the client certificate contains the correct CN 
        log local0. "Client Certificate: [X509::subject [SSL::cert 0]]"

        if { ([class match [X509::subject [SSL::cert 0]] contains F5_cn_list]) } { 
            log local0. "Forward to def.com pool"
            pool pool_def.com
        } elseif { ([class match [X509::subject [SSL::cert 0]] contains F5_cn_list2]) } { 
            log local0. "Forward to xyz.com pool"
            pool pool_xyz.com
        } else { 
            log local0. "No Matching Client Certificate Was Found Using: [X509::subject [SSL::cert 0]]"
            reject 
        } 
    }
}

I absolutely agree with Patrik. Please use the correct format options, otherwise no one will be willing to read your "question".

Greets, svs