Forum Discussion
request logging profile want to log client certificate details
- Feb 01, 2022
Seems like there is an enginerring request to get client cert info into requet-log.
So for now, I have to rewrite as a irule
can you sanitize what you have with your logging profile and iRule and post where you are?
- AlexS_ybJan 31, 2022Cirrocumulus
tmsh create ltm profile request-log ybrequest-log-20220126
tmsh modify ltm profile request-log ybrequest-log-20220126 app-service none defaults-from ybrequest-log \
#
#request-log-template '$BIGIP_HOSTNAME , $VIRTUAL_NAME , "$\{Host\}",RQ,$CLIENT_IP,$CLIENT_PORT,$DATE_NCSA,$HTTP_METHOD,$HTTP_URI,$HTTP_VERSION,\"${User-agent}\",\"${X-Forwarded-SSL-cert-subject}\","$\{YBID\}","$\{ybmethod\}","$\{DEBTSTHREAD\}"' \
#response-log-template '$BIGIP_HOSTNAME , $VIRTUAL_NAME , "$\{Host\}",RS,$CLIENT_IP,$CLIENT_PORT,$DATE_NCSA,$HTTP_METHOD,$HTTP_URI,$HTTP_VERSION,\"${User-agent}\",\"${X-Forwarded-SSL-cert-subject}\","$\{YBID\}","$\{ybmethod\}","$\{DEBTSTHREAD\}",$VIRTUAL_POOL_NAME,$SERVER_IP,$SERVER_PORT,$SNAT_IP,$SNAT_PORT,$HTTP_STATCODE,$RESPONSE_SIZE,$RESPONSE_MSECS,"$\{X-time\}"'
#is the header added by the irule
X-Forwarded-SSL-cert-subject
the irule looks something like
set certsubject [X509::subject $cert]
HTTP::header insert X-Forwarded-SSL-DN $certsubjectNot sure why thus makes a difference. The general question is how to log client cert info in request-log
- AlexS_ybFeb 01, 2022Cirrocumulus
Seems like there is an enginerring request to get client cert info into requet-log.
So for now, I have to rewrite as a irule
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com