20-Apr-2020 02:08
Hello,
I need an iRule to request a client certificate from a specific URI and send it to a back-end server, like x-client-cert.
And does anyone know how to read x-client-cert from the header and use it in Apache?
Regards
21-Apr-2020 09:53 - last edited on 04-Jun-2023 21:30 by JimmyPackets
Something like that should do it:
https://clouddocs.f5.com/api/irules/ClientCertificateCNChecking.html
For example, taken from this page:
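when RULE_INIT {
    # Set to 0 to stop logging the subject of each received certificate
    set static::debug 1
}
when CLIENTSSL_CLIENTCERT {
    # Example Subject DN: /C=AU/ST=NSW/L=Syd/O=Your Organisation/OU=Your OU/CN=John Smith
    set subject_dn [X509::subject [SSL::cert 0]]
    if { $subject_dn != "" } {
        if { $static::debug } { log "Client Certificate received: $subject_dn" }
    }
}
when HTTP_REQUEST {
    # If CLIENTSSL_CLIENTCERT did not run on this connection, subject_dn is unset;
    # treat that as "no certificate" so the checks below reject instead of raising a Tcl error
    if { ![info exists subject_dn] } { set subject_dn "" }
    if { [HTTP::uri] starts_with "/companyA" } {
        # "contains" is a substring match against the whole subject DN
        if { !($subject_dn contains "CN=Company A") } {
            reject
        }
    } elseif { [HTTP::uri] starts_with "/companyB" } {
        if { !($subject_dn contains "CN=Company B") } {
            reject
        }
    }
}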
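
Added example (not part of the original posts, and not taken from the F5 page linked above): one way to pass the client certificate to the back end in an x-client-cert header for a single URI prefix. It assumes the client SSL profile is already set to request a client certificate during the handshake, and "/secure" is a placeholder for the protected path.

```tcl
when HTTP_REQUEST {
    # Always drop any copy of the header sent by the client, so the back end
    # only ever sees a value that this iRule inserted.
    HTTP::header remove "x-client-cert"

    # "/secure" is a placeholder prefix (assumption); replace with the real URI.
    if { [HTTP::uri] starts_with "/secure" } {
        # Fail closed: no certificate was presented, or it did not verify
        # against the CA bundle configured on the client SSL profile.
        if { [SSL::cert count] < 1 || [SSL::verify_result] != 0 } {
            reject
            return
        }
        # [SSL::cert 0] is the DER-encoded client certificate; base64 keeps
        # it on a single header line for the back-end server to decode.
        HTTP::header insert "x-client-cert" [b64encode [SSL::cert 0]]
    }
}
```

The back end should accept this header only on connections that arrive from the BIG-IP, since the header value is the only evidence of the client's identity it receives.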