For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Goran_Blomquis1's avatar
Goran_Blomquis1
Icon for Nimbostratus rankNimbostratus
Mar 26, 2009

Set ssl to require and pass cert when uri /manual

Hi devcentral     I try to write a I-rule that change ignore to require in SSLclient profile. I think Iḿ on the right track, but backend seems to be very slow and ask for cert all the time....
application delivery
dev
devops
iRules
Goran_Blomquis1's avatar
Goran_Blomquis1
Icon for Nimbostratus rankNimbostratus
Oct 15, 2009
Hi,

 

 

The result was that certificate info never reached the backend server (if I rember it right). Problem are solved and I use an I-rule looking something like this.

 

 

when CLIENTSSL_CLIENTCERT {

 

HTTP::release

 

if { [SSL::cert count] < 1 } {

 

reject

 

}

 

}

 

when HTTP_REQUEST {

 

if { [HTTP::uri] starts_with "/manual" } {

 

if { [SSL::cert count] <= 0 } {

 

HTTP::collect

 

SSL::authenticate always

 

SSL::authenticate depth 9

 

SSL::cert mode require

 

SSL::renegotiate

 

}

 

}

 

}

 

when HTTP_REQUEST_SEND {

 

clientside {

 

if { [HTTP::uri] starts_with "/manual" } {

 

if { [SSL::cert count] > 0 } {

 

HTTP::header replace X-Client-Cert [b64encode [SSL::cert 0]]

 

}

 

}

 

}

 

}