Insert Client Certificate In Serverside HTTP Headers
Problem this snippet solves: An example iRule that pulls certain information from a client cert and passes it along to backend server in HTTP headers.
Here's one that illustrates how to use the "s...
Published Mar 18, 2015
Version 1.0
CodeCentral_194
Cirrostratus
CirrostratusCodeCentral_194Cirrostratus
Cirrostratus
gersbahCirrostratus
CirrostratusIf you are worried about possible tampering, 'replace' is only marginally better than 'insert'.
'replace' only replaces the last occurence of the header. So if an attacker adds their forged header twice, you end up with pretty much the same situation.
To be absolutely safe, you can do a 'remove' first (which removes all occurences of the header) and then 'insert'.