OCSP HTTP Header Specification/Example or field name of EDIPI?
- Dec 04, 2023
Lucas, thanks for the detailed response. Your assumptions are correct. I had seen that post you linked when I was searching and had dismissed it as unrelated to what I was looking for for. I had been lead to believe that the process you just described was sort of automatic, that simply by being in the F5 and using HTTPS that the x509 info would automatically be inserted into the HTTP request header and forwarded to the server.
I thought I was just missing the finer details, but I apparently really am missing the overarching architecture of how this will work! I think the important take away from your code is that I can name the EDIPI whatever I want in the request header. That's enough to let me start writing my PHP. So thanks!
I think I followed your code fine, but am entirely unfamiliar with the syntax/language. Am I right to assume that my server admins will have access to an F5 console where I'd have to get them to setup rules for how we want our connections to be managed, and the script your provided is an example of one of those handling rules?
- Dec 04, 2023
Great! sounds like you're on the right track.
The language that BIG-IPs use for network programmability is a flavor of TCL called "iRules". In a nutshell, you write code blocks like "When this event happens, do these commands", then you attach that code to a virtual server. iRules support passing data between events using variables. In this way, almost any conceivable use case or data translation is possible.
Events: https://clouddocs.f5.com/api/irules/Events.html
Commands: https://clouddocs.f5.com/api/irules/Commands.html
You can read more about irules here: