Forum Discussion

Cirrostratus

Sep 22, 2012

Sporadic TCL erros from iRule after upgrade to 11.2.0

Hi! We're using an irule to handle access to a webservice. The irule matches the client certificate DN against a list of allowed DNs, and is the only irule assigned to the VIP. After upg...

Cirrostratus

Sep 23, 2012

If the client resumes an existing SSL session, they wouldn't hit the CLIENTSSL_CLIENTCERT event as they don't present the cert for that connection. You could change your check in HTTP_REQUEST to verify the variable exists and is set to 1:


when HTTP_REQUEST {

if { [info exists client_cert_ok] and $client_cert_ok == 1 }{
 Allow request
} else {
HTTP::respond 403 content "Bad client certificate!"
}
}

Aaron

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Sporadic TCL erros from iRule after upgrade to 11.2.0

F5 Academy at AppWorld 2026

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

SSL Bridging and FQDN rewrite Policy

Cisco TACACS+ Config on ISE LTM Pair

iRule causing requests to be duplicated (sometimes)

How can I get started with iCall

Checking for X-Forwarded-For against an Address Data-Group

Related Content

Error post F5 upgrade

BIG-IP Upgrades Part 2 - Upgrade Behavior

Upgrade F5 BIGIP

iHealth Upgrade Advisor: Making upgrades a little easier

7 Steps Checklist before upgrading your F5 BIG-IP

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS