Forum Discussion
Tom_Lebel_53961
Nimbostratus
Jul 07, 2006
need a rule to force client certs
I am in an odd dilemma. I need to write an iRule to do the same thing as the 'require' setting does for client certs.
Problem exists, because I need to require client certs by regulation, and one of th...
Tom_Lebel_53961
Nimbostratus
Jul 11, 2006
Ok. Getting there. Now I am wondering if someone can explain why this is working? Can anyone give me a section-by-section explanation of this?
Also, I need to have it do an 'OR' in the if statement that looks at the URI, but the editor doesn't like my syntax. How do you do an OR in an IF statement? I need it to do this for /ASITE OR /BSITE.
when CLIENT_ACCEPTED {
    # Per-connection flag, set to 1 once a renegotiation has been requested
    set session_flag 0
}
when CLIENTSSL_HANDSHAKE {
    # Runs after the initial handshake and again after each renegotiation
    log LOCAL0.warn "cert count=[SSL::cert count]"
    if { [SSL::cert count] == 0 } {
        log LOCAL0.warn "when client handshake,ssl cert count is 0,pass"
    } else {
        log LOCAL0.warn "when clent handshake , two way cert found and the cert count is [SSL::cert count] "
        # Let the request held by HTTP::collect continue to the pool
        HTTP::release
    }
    log "Session flag is $session_flag"
}
when HTTP_REQUEST {
    if { [HTTP::uri] starts_with "/ASITE" } {
        log "Requiring certificate...and the request uri is :[HTTP::uri]"
        if { [SSL::cert count] == 0 } {
            log local0. "when http request,ssl cert count is 0,now http collect"
            # Hold the request, switch the profile to require a cert, renegotiate
            HTTP::collect
            SSL::authenticate always
            SSL::authenticate depth 9
            SSL::cert mode require
            log local0. "when http request,now renegotiating"
            set session_flag 1
            SSL::renegotiate
        }
    } else {
        log LOCAL0.warn "No cert needed,to server directly.And the uri is [HTTP::uri]"
    }
    log "Session_flag at end of http_request is $session_flag"
}
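One way to write the OR the post asks about, using the `/ASITE` and `/BSITE` prefixes from the post. This is an added example, not the poster's rule or F5's code; the `need_cert` flag name is an assumption, and the rule releases the held request only after a renegotiation it started itself and only when the certificate verified.

```tcl
# Added example. /ASITE and /BSITE come from the post; need_cert is an assumed name.
when CLIENT_ACCEPTED {
    # 1 only while a request is held waiting for a renegotiation
    set need_cert 0
}

when HTTP_REQUEST {
    # "||" is the Tcl logical OR; each test sits in its own parentheses
    if { ([HTTP::uri] starts_with "/ASITE") || ([HTTP::uri] starts_with "/BSITE") } {
        if { [SSL::cert count] == 0 } {
            # Hold the request, then ask the client for a certificate
            HTTP::collect
            set need_cert 1
            SSL::authenticate always
            SSL::authenticate depth 9
            SSL::cert mode require
            SSL::renegotiate
        }
    }
}

when CLIENTSSL_HANDSHAKE {
    # Fires on the first handshake and again after SSL::renegotiate
    if { $need_cert == 1 } {
        set need_cert 0
        if { ([SSL::cert count] > 0) && ([SSL::verify_result] == 0) } {
            # Certificate presented and verified: let the held request through
            HTTP::release
        } else {
            log local0.warn "client cert missing or failed verification, rejecting"
            reject
        }
    }
}
```

`starts_with` is case-sensitive, so if the back end serves `/asite` and `/ASITE` as the same path, compare against `[string toupper [HTTP::uri]]` instead so the lower-case form is also covered.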