iRule to check the client IP along with the client certificate CN


I'm trying to narrow the accepted traffic to be from a source IP address with a specific common name (from the authorized certificate), but I'm getting an error:

can't read "subject": no such variable

I already inserted the client certificate in the client SSL profile Trusted Certificate Authorities and put it as required.

The iRule is:


if {  ([HTTP::uri] starts_with "/Test/Service-One") && ([IP::addr [IP::client_addr] equals])  } {
    # $subject is read here without ever being set, which raises the error above
    if { $subject contains "CN=CL_CN" } {
        log local0.info "BW_C114 clientIP:[IP::client_addr] accessed 19696_Pool With Certificate OK"
        pool AP_19696
    }
} elseif {   ([HTTP::uri] starts_with "/Test/Service-Two") && ([IP::addr [IP::client_addr] equals]) } {
    log local0.info "BW_C115 clientIP:[IP::client_addr] accessed 19698_Pool"
    pool AP_19698
} else {
    log local0.info "[HTTP::uri]"
    log local0.info "BW_Reject clientIP:[IP::client_addr] was rejected policy Violation"
}


Any help, please. Thank you.

Comment made 4 months ago by Alan Moen 122

Check here.

  set cert [SSL::cert 0]
  set subject [X509::subject $cert]

You're not setting $subject anywhere before using it. The above snippet (from the link) may help.

Comment made 4 months ago by A.Alkhuja 54

It worked,

Thank you Alan.
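An added example, not code from this thread or from F5, showing the fix in a complete rule: it sets `$subject` before use, denies when no client certificate is available, and compares the CN exactly rather than with `contains`. The address `192.0.2.10`, the `reject` in the final branch, and the comma- or slash-separated subject format are assumptions.

```tcl
when HTTP_REQUEST {
    # Constructed placeholders (assumptions): substitute your own values.
    set allowed_ip "192.0.2.10"
    set allowed_cn "CL_CN"

    # Deny when no client certificate is available for this connection.
    if { [SSL::cert count] < 1 } {
        log local0.info "BW_Reject clientIP:[IP::client_addr] no client certificate"
        reject
        return
    }

    # Set $subject before reading it; the original rule skipped this step.
    set subject [X509::subject [SSL::cert 0]]

    # Collect CN values as whole attributes. Assumes a comma- or
    # slash-separated subject with no escaped separators inside values.
    set cns [list]
    foreach rdn [split $subject ",/"] {
        set rdn [string trim $rdn]
        if { [string match -nocase "CN=*" $rdn] } {
            lappend cns [string range $rdn 3 end]
        }
    }

    # Exact comparison: "CL_CN_other" matches `contains "CN=CL_CN"` but not this.
    set cn_ok [expr { [llength $cns] == 1 && [lindex $cns 0] eq $allowed_cn }]
    set ip_ok [IP::addr [IP::client_addr] equals $allowed_ip]

    if { ([HTTP::uri] starts_with "/Test/Service-One") && $ip_ok && $cn_ok } {
        log local0.info "BW_C114 clientIP:[IP::client_addr] accessed 19696_Pool With Certificate OK"
        pool AP_19696
    } elseif { ([HTTP::uri] starts_with "/Test/Service-Two") && $ip_ok } {
        log local0.info "BW_C115 clientIP:[IP::client_addr] accessed 19698_Pool"
        pool AP_19698
    } else {
        log local0.info "BW_Reject clientIP:[IP::client_addr] uri:[HTTP::uri] policy violation"
        reject
    }
}
```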


