Matjaz_Lenarcic
Apr 20, 2020

F5 require client certificate to forward to a backend server only in specific uri

Hello,

 

I need an iRule to request a client certificate for a specific URI and send it to a back-end server as a header like x-client-cert.

Does anyone know how to read x-client-cert from the header and use it in Apache?

regards

1 Reply

  • Something like that should do it:

    https://clouddocs.f5.com/api/irules/ClientCertificateCNChecking.html

    For example, taken from this page:

    when RULE_INIT {
            set static::debug 1
    }
     
    when CLIENTSSL_CLIENTCERT {
            #Example Subject DN:  /C=AU/ST=NSW/L=Syd/O=Your Organisation/OU=Your OU/CN=John Smith
            set subject_dn [X509::subject [SSL::cert 0]]
            if { $subject_dn != "" }{
                    if { $static::debug }{ log "Client Certificate received: $subject_dn"}
            }
    }
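    when HTTP_REQUEST {
            # subject_dn is only set in CLIENTSSL_CLIENTCERT; default it to empty so a
            # connection without a client certificate is rejected instead of raising a Tcl error
            if { ![info exists subject_dn] } { set subject_dn "" }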
            if { [HTTP::uri] starts_with "/companyA" } {
                    if { !($subject_dn contains "CN=Company A") } {
                            reject
                    }
            } elseif { [HTTP::uri] starts_with "/companyB" } {
                    if { !($subject_dn contains "CN=Company B") } {
                            reject
                    }
            }
    }
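
The following iRule is an added example, not part of the reply above or of the F5 page it links to: it covers the header-forwarding half of the question and replaces the substring `contains` test with an exact CN comparison. It assumes the client SSL profile already requests the client certificate during the handshake; the `x-client-cert` header name comes from the question and the URI prefixes and CN values from the reply.

```tcl
when HTTP_REQUEST {
    # Never trust a copy of the header sent by the client; only the BIG-IP sets it.
    HTTP::header remove "x-client-cert"

    # Required CN per URI prefix (prefixes and names reused from the reply above).
    if { [HTTP::uri] starts_with "/companyA" } {
        set required_cn "Company A"
    } elseif { [HTTP::uri] starts_with "/companyB" } {
        set required_cn "Company B"
    } else {
        # Unprotected URI: pass through without a certificate header.
        return
    }

    # No certificate was presented on this connection: nothing to check or forward.
    if { [SSL::cert count] == 0 } {
        reject
        return
    }

    # Extract the CN attribute itself instead of substring-matching the whole DN,
    # so a subject with "CN=Company ABC" does not satisfy a check for "Company A".
    # Handles both "/"- and ","-separated DNs; assumes the CN value contains neither.
    set cn ""
    regexp {(?:^|[,/])\s*CN=([^,/]+)} [X509::subject [SSL::cert 0]] -> cn
    if { [string trim $cn] ne $required_cn } {
        reject
        return
    }

    # Forward the DER certificate, base64-encoded so it fits on one header line.
    HTTP::header insert "x-client-cert" [b64encode [SSL::cert 0]]
}
```

The back end receives the base64 of the DER certificate and has to decode it before parsing. It should accept this header only on connections coming from the BIG-IP, since any other client could set it freely.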