Need help to understand the flow logic of the iRule
Hi Team,
Below is the iRule which I have worked on. Could you please help me understand the following:
1 - What is the difference between using reject and return in an iRule?
2 - Why do we need to set debug 0 in an iRule?
3 - Will the same logic work without debug?
4 - What is the use of array set in an iRule?
when CLIENTSSL_CLIENTCERT {
    # Debug flag; nothing else in this iRule reads it
    set debug 0
    # Check if client presented a cert after it was requested
    if {[SSL::cert 0] eq ""} {
        reject
    } else {
        set ssl_cert [SSL::cert 0]
        log local0. "cert is $ssl_cert"
        set subject [X509::subject [SSL::cert 0]]
        # Split the subject on "," and "=" and load the name/value pairs into an array
        array set subject_fields [split $subject ",="]
        log local0. "subject is $subject"
    }
}
when HTTP_REQUEST {
    # subject is only set if CLIENTSSL_CLIENTCERT ran on this connection
    if {[info exists subject]} {
        log local0. "The X-common-name <---> $subject"
    }
    if {[info exists subject_fields(CN)]} {
        HTTP::header insert X-Common-Name "$subject_fields(CN)"
        log local0. "The X-common-name-to-server <---> $subject"
        HTTP::header insert X-Source-Ip [IP::remote_addr]
    } else {
        # If there is no CN then respond with a 403 error
        HTTP::respond 403 content "You don't have authorization to view this page. Access Denied" noserver Content-Type text/html Connection Close Cache-Control no-cache
    }
}
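
Added example, not part of the original post: what `array set subject_fields [split $subject ",="]` produces for different subject strings, next to a stricter parse that splits each name/value pair on its first "=" only. It is plain Tcl for tclsh with no F5 commands; the subject strings are constructed samples and `naive_fields` and `parse_subject` are hypothetical helper names.

```tcl
# Added example: plain Tcl (8.4-compatible), run with tclsh.
# Subject strings below are constructed; helper names are hypothetical.

# The iRule's approach: split on every "," and "=" and load the flat
# list into an array as alternating name/value elements.
proc naive_fields {subject} {
    array set f [split $subject ",="]
    return [array get f]
}

# Stricter variant: split into pieces on ",", split each piece on its
# first "=" only, and trim whitespace from names and values.
# It does not handle escaped commas inside a value.
proc parse_subject {subject} {
    set kv [list]
    foreach rdn [split $subject ","] {
        set idx [string first "=" $rdn]
        if {$idx < 1} { continue }   ;# no "=" or empty name: skip the piece
        lappend kv [string trim [string range $rdn 0 [expr {$idx - 1}]]] \
                   [string trim [string range $rdn [expr {$idx + 1}] end]]
    }
    return $kv
}

# Case 1: compact subject; both approaches yield the same CN.
set s1 "CN=client01.example.com,OU=Ops,O=Example,C=US"
array set n1 [naive_fields $s1]
array set p1 [parse_subject $s1]
puts "case 1 naive CN=$n1(CN) strict CN=$p1(CN)"

# Case 2: a space after each comma. The naive split keeps the space in
# the array key, so the iRule's [info exists subject_fields(CN)] test
# would be false and the request would get the 403.
set s2 "C=US, O=Example, OU=Ops, CN=client01.example.com"
array set n2 [naive_fields $s2]
array set p2 [parse_subject $s2]
puts "case 2 naive has CN: [info exists n2(CN)] strict has CN: [info exists p2(CN)]"

# Case 3: "=" inside a value. The naive split returns an odd number of
# elements and array set raises an error; in an iRule an uncaught error
# aborts the event.
set s3 "CN=svc=payments,O=Example"
set failed [catch {naive_fields $s3} msg]
array set p3 [parse_subject $s3]
puts "case 3 naive error: $failed ($msg) strict CN=$p3(CN)"
```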