cancel
Showing results for 
Search instead for 
Did you mean: 

Irule explanation

Andrew_Jones
Nimbostratus
Nimbostratus

Hi can some explain what the following Irule is looking to do

 

when CLIENTSSL_CLIENTCERT {

  if { [SSL::cert 0] ne "" }{

     if { not [class match -- [X509::subject [SSL::cert 0]] contains [virtual name]_cert_dgl] } {

        reject

     }

 } else { reject }

}

 

thanks

 

Andrew

1 REPLY 1

Lidev
MVP
MVP

Hi,

in brief, this irules checks the CN of the X509 certificate in order to verify if it's present in the DataGroup [virtual name]_cert_dg , if not compliant it rejects the call.

 

More details here :

https://clouddocs.f5.com/api/irules/X509__subject.html

https://clouddocs.f5.com/api/irules/SSL__cert.html

 

Regards