Forum Discussion

Nimbostratus

May 01, 2017

redirect irule when an client certificate is missing

there are two parts to the requirement 1: when the Cert is missing the redirect should be /certnotavailable - this part is not working. 2: when a cert CN:X then redirect should be /X and when CN:Y re...

application delivery

iRules

Niels_van_Sluis

MVP

May 05, 2017

Your iRule fails because the variable

$subject_dn

doesn't exists when the client doesn't send a client certificate. This iRule should work:

when RULE_INIT {
    set static::debug 1
}

when CLIENTSSL_CLIENTCERT {
    set subject_dn [X509::subject [SSL::cert 0]] 
    if { $subject_dn != "" }{
        if { $static::debug }{ log "Client Certificate received: $subject_dn"}
    }
}

when CLIENTSSL_HANDSHAKE {
    if { [SSL::verify_result] == !0 } then {set clientCRT 1} else {set clientCRT 0}
}

when HTTP_REQUEST {
    if {[info exists subject_dn]} {
        switch -glob -- $subject_dn {
            "*CN=Vinit-A*" {HTTP::redirect "/vinit-A.html"}
            "*CN=Vinit-B*" {HTTP::redirect "/vinit-B.html"}
            "*CN=Vinit-B*" {HTTP::redirect "/vinit-C.html"}
        }
    }
    else {
        HTTP::redirect "/Certmissing.html"
    }
}

Forum Discussion

redirect irule when an client certificate is missing

Recent Discussions

BWC iRule

Citrix XenServer Big-IP Upgrade help

iRule condition - request contains more than 10000 parameters

Hi All, We have viprion 4300 with 4450 blades with 6 blades all blades having same configuration

Can iRule be used to perform exception of IPI category based on Geolocation

Related Content

Missing Certificate after redirect

Re: Management Certificate

The Case of the Missing F5 AMI : F5 BIG-IP AMI Lifecycle Events

My Security+ Certification Journey

Certifications for security professionals