For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Juha__Ranta_106's avatar
Juha__Ranta_106
Icon for Nimbostratus rankNimbostratus
Mar 10, 2005

Requiring an SSL Certificate for Parts of an Application and HTTP::header insert..

Hi!     I have problems inserting SSL client x509 certificate information into HTTP::header's when client SSL certificate is required only for certain parts of an application (https virtual...
application delivery
dev
devops
iRules
drteeth_127330's avatar
drteeth_127330
Historic F5 Account
Mar 10, 2005
No, it is not possible to examine or insert HTTP headers from the SSL rule events. The brief explanation is that the SSL handshake must complete before the HTTP headers are sent. I think you can solve your problem by using HTTP::redirect back to the same HTTP::uri if the client certificate is required but not present. This will force the client to retry the request. Some care should be taken to ensure that you don't create a redirect loop in the event that the client continues to connect without a certificate. There's no really good way to do this. Your best bet is probably to add a parameter to the querystring of the redirect URI. Hope this helps...