For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Tom_Lebel_53961's avatar
Tom_Lebel_53961
Icon for Nimbostratus rankNimbostratus
Jul 07, 2006

need a rule to force client certs

I am in an odd dilema. I need to write an iRule to do the same thing as 'require' setting does for client certs. Problem exists, because I need to require client certs by regulation, and one of th...
application delivery
dev
devops
iRules
Tom_Lebel_53961's avatar
Tom_Lebel_53961
Icon for Nimbostratus rankNimbostratus
Jul 10, 2006
Thanks, that did get me started. Now I have this:

when HTTP_REQUEST {
if {[HTTP::uri] starts_with "/ASITE/" }
{HTTP::collect [HTTP::header Content-Length]
SSL::cert mode require
SSL::renegotiate}
else
{SSL::cert mode request
}
}

but it doesn't work.

Originally I had an HTTP::release after the SSL::cert mode request in the else statement, but I don't know what that's supposed to do.

On the server side, I've got the Apache set up, that when a call to /ASITE/ comes in, it redirects to the real site URI, so I figured, at that point it would only request the client cert, and not require it.

Thoughts?

Tom