Forum Discussion
Lee_Sutcliffe
Sep 21, 2017 (Nacreous)
This might be something to get you started. What it does is read information from a client certificate (if one is present) into the session table. You can then use the list element in HTTP_REQUEST to search for something, perhaps a CN, which will be contained in the x509 Subject field, and select a pool based on this lookup.
    when CLIENTSSL_CLIENTCERT {
        # Only store details when the client actually presented a certificate
        if {[SSL::cert count] > 0} {
            # Keyed by SSL session ID, kept for 7200 seconds.
            # List indexes: 0 verify result, 1 issuer, 2 not before,
            # 3 not after, 4 subject, 5 serial number
            session add ssl [SSL::sessionid] [list \
                [SSL::verify_result] \
                [X509::issuer [SSL::cert 0]] \
                [X509::not_valid_before [SSL::cert 0]] \
                [X509::not_valid_after [SSL::cert 0]] \
                [X509::subject [SSL::cert 0]] \
                [X509::serial_number [SSL::cert 0]] \
            ] 7200
        }
    }
    when HTTP_REQUEST {
        if {[SSL::sessionid] ne ""} {
            set session_data [session lookup ssl [SSL::sessionid]]
            # check if element 0 = 0 "valid SSL cert"
            if {[lindex $session_data 0] eq 0} {
                # element 4 is the x509 subject stored above
                if {[class match "[lindex $session_data 4]" contains "CertificateCN_A"]} {
                    pool applicationPoolA
                } else {
                    pool applicationPoolB
                }
            }
        }
    }
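
Added example, not part of Lee_Sutcliffe's post: the stored subject string holds every attribute of the DN, so a `contains` lookup on it also matches when the expected name sits in another attribute or is only part of a longer CN. The plain Tcl below extracts the CN and compares it exactly. The `subject_cn` proc, the `allowed_cns` list (standing in for the `CertificateCN_A` data group), the sample subjects and the comma-separated subject format are assumptions constructed for illustration.

```tcl
# Plain Tcl 8.4 syntax, so it runs in tclsh and the proc can be carried
# into an iRule. Assumed subject format: comma-separated "TYPE=value"
# pairs, with a backslash escaping a comma inside a value.

# Return the value of the first CN attribute in a subject string, or "".
proc subject_cn {subject} {
    set rdns [list]
    set cur ""
    set esc 0
    # Split on commas, but keep escaped commas inside the value
    foreach ch [split $subject ""] {
        if {$esc} {
            append cur $ch
            set esc 0
        } elseif {$ch eq "\\"} {
            set esc 1
        } elseif {$ch eq ","} {
            lappend rdns $cur
            set cur ""
        } else {
            append cur $ch
        }
    }
    lappend rdns $cur
    foreach rdn $rdns {
        set pos [string first "=" $rdn]
        if {$pos < 1} { continue }
        set type [string toupper [string trim [string range $rdn 0 [expr {$pos - 1}]]]]
        if {$type eq "CN"} {
            return [string trim [string range $rdn [expr {$pos + 1}] end]]
        }
    }
    return ""
}

# Hypothetical allow-list standing in for the CertificateCN_A data group
set allowed_cns [list "app-a.example.com"]

# Constructed sample subjects: a real match, the name in OU, a longer CN
foreach subject [list \
    "CN=app-a.example.com,OU=Apps,O=Example,C=GB" \
    "CN=other.example.com,OU=app-a.example.com,O=Example,C=GB" \
    "CN=app-a.example.com.test.invalid,O=Example,C=GB"] {
    set cn [subject_cn $subject]
    set exact [expr {[lsearch -exact $allowed_cns $cn] >= 0}]
    set substring [expr {[string first [lindex $allowed_cns 0] $subject] >= 0}]
    puts "cn=$cn exact=$exact substring=$substring"
}
```

Only the first subject passes the exact comparison, while all three pass the substring comparison.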