Irule explanation

Question

Hi can some explain what the following Irule is looking to do&nbsp;when CLIENTSSL_CLIENTCERT {&nbsp;&nbsp;if { [SSL::cert 0] ne "" }{&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;if { not [class match -- [X509::subject [SSL::cert 0]] contains [virtual name]_cert_dgl] } {&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;reject&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;}&nbsp;} else { reject }}&nbsp;thanks&nbsp;Andrew

lidev · Answer

Hi,in brief, this irules checks the CN of the X509 certificate in order to verify if it's present in the DataGroup [virtual name]_cert_dg , if not compliant it rejects the call.&nbsp;More details here : https://clouddocs.f5.com/api/irules/X509__subject.htmlhttps://clouddocs.f5.com/api/irules/SSL__cert.html&nbsp;Regards

Forum Discussion

Irule explanation

1 Reply

Recent Discussions

import live updates from version x to version y

Tenant image upgrade

iRule editor partition button does not work

F5Access | MacOS Sonoma

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

Related Content

Hands-on Explanation of Kubernetes Role-Based Access Control

explanation about tmm usage

irule

Avoiding Common iRules Security Pitfalls

Simple Sideband - iRule sideband the easy way