Forum Discussion

Mathew_58739's avatar
Mathew_58739
Icon for Nimbostratus rankNimbostratus
Jun 25, 2009

Compare a variable to a list

I have an issue with my iRule. I am attepmting to compare a variable value to a white list of values. I have written the following iRule. However, if I place more than one value in my DataGroup, the iRule fails. Is there another way to compare a variable to a DataGroup list?

 

 

when RULE_INIT {

 

set appidresponse {

 

 

 

Application Code Error 551

 

 

 

Your SSL MA negotiation used an unauthorized Client Application ID.

 

 

Please validate your client certificate. (Error Code:551)

 

 

 

}

 

}

 

when CLIENTSSL_CLIENTCERT {

 

set client_cert [SSL::cert 0]

 

set appidcode [findstr [X509::subject $client_cert] "OU=" 10 ","]

 

session add ssl [SSL::sessionid] $appidcode

 

log local0. "Application Code = $appidcode"

 

}

 

when HTTP_REQUEST {

 

set appid [session lookup ssl [SSL::sessionid]]

 

if {$appid != [lindex $::app_id 0]}{

 

log local0. "Failed App ID 551: [IP::client_addr] & [X509::subject $client_cert]"

 

HTTP::respond 551 content [subst $::appidresponse]

 

}

 

elseif {$appid == [lindex $::app_id 0]}{

 

HTTP::header insert APPCERTID: "$appid"

 

}

 

}

3 Replies

  • I tried to use the matchclass command initially. However, it doesn't appear that the matchclass command will allow me to compare a variable to alist. One of the values used must be a fixed or specified value. The iRule engine keeps giving me the error that all variables must be proceeded by a $. But my syntax is correct according to examples. Here is my sample line...

     

     

    set appid [session lookup ssl [SSL::sessionid]]

     

    if {matchclass "$appid" != $::app_id}{

     

     

    I have tried both removing and including quotes, brackets and braces to isolate the different components. It seems that the matchclass command must have one variable and one known value.
  • How about:

     

     

    if {not ([matchclass $appid equals $::app_id])}{

     

     

    Aaron