Forum Discussion

Nimbostratus

Nov 13, 2007

iRule to require client certificate and validate it

I have limited possibilities to test the iRule because the business application is running via the F5... so can anyone help with this code (if there is no obvious syntax error): when HTTP_RE...

Cirrostratus

Dec 16, 2014

when CLIENT_ACCEPTED { set session_flag 0 } when CLIENTSSL_HANDSHAKE { if { [SSL::cert count] != 0 } { log "Client cert is OK; releasing HTTP request." HTTP::release } } when HTTP_REQUEST { if { [HTTP::uri] starts_with "/polcard/" } { log "Certificate required for: [HTTP::uri]" if { [SSL::cert count] == 0} { log "No cert found. Holding HTTP request until a client cert is presented..." HTTP::collect set session_flag 1 SSL::authenticate always SSL::authenticate depth 9 SSL::cert mode require SSL::renegotiate } else { log "crt OK" pool TestSSL HTTP::release } } else { log "No certificate needed for: [HTTP::uri]" pool Test } }

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)