Forum Discussion

Cirrostratus

Sep 22, 2012

Sporadic TCL erros from iRule after upgrade to 11.2.0

Hi! We're using an irule to handle access to a webservice. The irule matches the client certificate DN against a list of allowed DNs, and is the only irule assigned to the VIP. After upg...

Cirrostratus

Sep 23, 2012

If the client resumes an existing SSL session, they wouldn't hit the CLIENTSSL_CLIENTCERT event as they don't present the cert for that connection. You could change your check in HTTP_REQUEST to verify the variable exists and is set to 1:


when HTTP_REQUEST {

if { [info exists client_cert_ok] and $client_cert_ok == 1 }{
 Allow request
} else {
HTTP::respond 403 content "Bad client certificate!"
}
}

Aaron

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Sporadic TCL erros from iRule after upgrade to 11.2.0

Jonathan - March 2026 Featured Member

F5 AppWorld 2026 Las Vegas - iRules Contest Winners!

2026 F5 DevCentral MVP Announcement

Recent Discussions

T4 and ALL tenant images

Unable to Forward APM and AFM Logs to AWS CloudWatch Using Telemetry Streaming

Managing iRules configuration

CPU load when Prometheus is scraping metrics from F5 BIG-IP LTM

[ASM] - How to disable the SQL injection attack signatures

Related Content

BIG-IP Upgrades Part 2 - Upgrade Behavior

iHealth Upgrade Advisor: Making upgrades a little easier

Upgrade F5 BIGIP

7 Steps Checklist before upgrading your F5 BIG-IP

Upgrade to 15.1.10

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS