
F5 require client certificate to forward to a backend server only in specific uri

Matjaz_Lenarcic
Nimbostratus

Hello,

 

I need an iRule to request a client certificate for a specific URI and send it to a back-end server, like x-client-cert.

And does anyone know how to read x-client-cert from the header and use it in Apache?

 

regards

1 REPLY

ldesfosses
Cirrus

Something like that should do it:

 

https://clouddocs.f5.com/api/irules/ClientCertificateCNChecking.html

 

For example, taken from this page:

when RULE_INIT {
    set static::debug 1
}

when CLIENTSSL_CLIENTCERT {
    # Example Subject DN: /C=AU/ST=NSW/L=Syd/O=Your Organisation/OU=Your OU/CN=John Smith
    set subject_dn [X509::subject [SSL::cert 0]]
    if { $subject_dn != "" } {
        if { $static::debug } { log "Client Certificate received: $subject_dn" }
    }
}

when HTTP_REQUEST {
    if { [HTTP::uri] starts_with "/companyA" } {
        if { !($subject_dn contains "CN=Company A") } {
            reject
        }
    } elseif { [HTTP::uri] starts_with "/companyB" } {
        if { !($subject_dn contains "CN=Company B") } {
            reject
        }
    }
}
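
The iRule below is an added example, not part of the reply above or of the F5 page it links to: it requests a client certificate only for one path and forwards it to the pool member in a header, which is what the question asks for. The path `/secure` and the header name `X-Client-Cert` are assumptions, as is a client SSL profile that already has the trusted CA configured; it relies on renegotiation, which TLS 1.3 does not support.

```tcl
# Added example. "/secure" and "X-Client-Cert" are assumed names.
when CLIENT_ACCEPTED {
    set collecting 0     ;# 1 while a request is held for renegotiation
    set cert_required 0  ;# 1 when the current request targets the protected path
}

when HTTP_REQUEST {
    # Strip any copy of the header sent by the client, so the back end
    # only ever sees a value inserted by the BIG-IP.
    HTTP::header remove "X-Client-Cert"
    set cert_required 0

    if { [HTTP::uri] starts_with "/secure" } {
        set cert_required 1
        if { [SSL::cert count] == 0 } {
            # Hold the request and ask for a certificate on this connection.
            HTTP::collect
            set collecting 1
            SSL::authenticate always
            SSL::authenticate depth 9
            SSL::cert mode require
            SSL::renegotiate
        }
    }
}

when CLIENTSSL_HANDSHAKE {
    # Also fires for the initial handshake, so only act on a held request.
    if { $collecting == 1 } {
        set collecting 0
        if { [SSL::cert count] == 0 } {
            reject
        } else {
            HTTP::release
        }
    }
}

when HTTP_REQUEST_SEND {
    clientside {
        if { $cert_required && [SSL::cert count] > 0 } {
            # SSL::cert 0 is the DER certificate; base64 keeps it on one header line.
            HTTP::header insert "X-Client-Cert" [b64encode [SSL::cert 0]]
        }
    }
}
```

The back end should accept this header only on connections coming from the BIG-IP, since anything that can reach the server directly can set it to any value.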