F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

AndOs's avatar
AndOs
Icon for Cirrostratus rankCirrostratus
Sep 22, 2012

Sporadic TCL erros from iRule after upgrade to 11.2.0

Hi! We're using an irule to handle access to a webservice. The irule matches the client certificate DN against a list of allowed DNs, and is the only irule assigned to the VIP. After upg...
application delivery
dev
devops
iRules
hoolio's avatar
hoolio
Icon for Cirrostratus rankCirrostratus
Sep 23, 2012
If the client resumes an existing SSL session, they wouldn't hit the CLIENTSSL_CLIENTCERT event as they don't present the cert for that connection. You could change your check in HTTP_REQUEST to verify the variable exists and is set to 1: 


when HTTP_REQUEST {

if { [info exists client_cert_ok] and $client_cert_ok == 1 }{
 Allow request
} else {
HTTP::respond 403 content "Bad client certificate!"
}
}

Aaron