Forum Discussion
CREDCO_17916
Apr 08, 2008
Nimbostratus
Thanks for the info. Since only one of my URIs requires a CC, it seems like I'll need to:
1. Check URI to see if it's the one that requires a CC
2. If it is the URI that requires a CC, pull the SSL info out of the cert and insert it into the HTTP header, and send it to POOLA
3. If it's not a URI that requires a CC, send the request directly to POOLB without doing anything with SSL
I'm a total iRule rookie, so please bear with me. Here's my first stab at combining the 2 examples you sent me:
when CLIENTSSL_CLIENTCERT {
    # set time to maintain session data (in seconds)
    set session_timeout 300
    set ssl_stuff [list anything1 anything2]
    set ssl_cert [SSL::cert 0]
    set ssl_errstr [X509::verify_cert_error_string [SSL::verify_result]]
    lset ssl_stuff 0 $ssl_cert
    lset ssl_stuff 1 $ssl_errstr
    session add ssl [SSL::sessionid] $ssl_stuff $session_timeout
}
when HTTP_REQUEST {
    if { [HTTP::uri] starts_with "/companyA" } {
        set ssl_stuff2 [session lookup ssl [SSL::sessionid]]
        set ssl_cert2 [lindex $ssl_stuff2 0]
        set ssl_errstr2 [lindex $ssl_stuff2 1]
        if { $ssl_errstr2 eq "ok" } {
            HTTP::header insert SSLClientCertStatus $ssl_errstr2
            HTTP::header insert SSLClientCertSN [X509::serial_number $ssl_cert2]
            pool POOLA
        } else {
            # send HTTP 302 redirect to an error page
            HTTP::redirect "http://192.168.0.64/error.html"
        }
    } else {
        pool POOLB
    }
}
Am I even close?
Thank you
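
Added example, not part of the original post and not F5's own code: the three steps above as one iRule that also removes any client-supplied SSLClientCertStatus and SSLClientCertSN headers before routing, so a pool member only ever sees values the BIG-IP set itself. The pool names, URI prefix, header names, error URL and 300-second timeout are the ones from the post; skipping the session entry when no certificate was sent is an assumption about the desired behaviour.

```tcl
when CLIENTSSL_CLIENTCERT {
    # Cache the certificate and its verification result for this SSL session,
    # but only if the client actually presented a certificate.
    if { [SSL::cert count] > 0 } {
        set ssl_cert   [SSL::cert 0]
        set ssl_errstr [X509::verify_cert_error_string [SSL::verify_result]]
        session add ssl [SSL::sessionid] [list $ssl_cert $ssl_errstr] 300
    }
}

when HTTP_REQUEST {
    # The backend treats these headers as proof of a verified certificate.
    # Drop whatever the client sent under the same names, on every request,
    # so the only copies that reach a pool member are inserted below.
    HTTP::header remove SSLClientCertStatus
    HTTP::header remove SSLClientCertSN

    if { [HTTP::uri] starts_with "/companyA" } {
        # Step 2: this URI requires a client certificate.
        set ssl_stuff [session lookup ssl [SSL::sessionid]]

        # An empty lookup means no certificate was cached for this session;
        # treat it the same as a failed verification.
        if { [llength $ssl_stuff] == 2 && [lindex $ssl_stuff 1] eq "ok" } {
            HTTP::header insert SSLClientCertStatus [lindex $ssl_stuff 1]
            HTTP::header insert SSLClientCertSN \
                [X509::serial_number [lindex $ssl_stuff 0]]
            pool POOLA
        } else {
            # No certificate, or verification failed: send the error page.
            HTTP::redirect "http://192.168.0.64/error.html"
        }
    } else {
        # Step 3: every other URI goes to POOLB without certificate headers.
        pool POOLB
    }
}
```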