Forum Discussion
Ryan_Rowe_79249
Dec 23, 2009
Nimbostratus
Here I found this:
http://devcentral.f5.com/Wiki/default.aspx/iRules/ClientCertificateCNChecking.html
In part 3 I have made this, but I don't know if it will work, so my iRule would look like this:
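when RULE_INIT {
    # Set to 1 to log the subject of each client certificate received
    set ::debug 1
}
when CLIENTSSL_CLIENTCERT {
    # Example Subject DN: /C=AU/ST=NSW/L=Syd/O=Your Organisation/OU=Your OU/CN=John Smith
    set subject_dn [X509::subject [SSL::cert 0]]
    if { $subject_dn != "" } {
        if { $::debug } { log "Client Certificate received: $subject_dn" }
    }
}
when HTTP_REQUEST {
    if { [matchclass [IP::client_addr] equals $::IPdatagroup] } {
        # Client IP is in the data group: no action, the request passes through
    } elseif { [info exists subject_dn] && ($subject_dn contains "CN=Company A") } {
        # Certificate subject contains the expected CN: no action, the request passes through
        # (subject_dn is only set when CLIENTSSL_CLIENTCERT fired, hence the info exists check)
    } else {
        # Neither condition matched: reject the request
        HTTP::respond 403 content "403 - Forbidden"
    }
}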
Would this work?