SSL Client Profile based on the URL

Hello group,

 

 

I am working with the following iRule, the goal I pursue is the following, the iRule must make the client certificate authentication done via the SSL Client Profile A or B based on the URL requested by the user . The difference between Client SSL profiles A and B is the CA that issued the client certificate.

 

 

When SSL client profile is selected and the user is authenticated , the certificate must be sent to the backend server in a header named x-client-cert.

 

 

I do not know the way to select the correct SSL Client Profile based on the URL, I even don’t know if it's possible to do that. I wonder if anyone has done this at some point and I will appreciate if anyone can help me with this.

 

 

The iRule I’m working on:

 

-------------------------------

 

 

when CLIENTSSL_CLIENTCERT {

 

 

set cert [SSL::cert 0]

 

 

session add ssl [SSL::sessionid] $cert 1000

 

 

}

 

 

when HTTP_REQUEST {

 

 

set client_cert [session lookup ssl [SSL::sessionid]]

 

 

if { $client_cert eq ""} {

 

 

SSL::renegotiate

 

 

} else {

 

 

HTTP::header remove x-client-cert

 

 

HTTP::header remove clientcert-xml

 

 

HTTP::header insert x-client-cert [b64encode $client_cert]

 

 

log local0. "File: [HTTP::path] x-client-cert: [string range [b64encode $client_cert] 0 10] ..."

 

 

}

 

 

if {[HTTP::header exists X-Forwarded-For] }{

 

 

HTTP::header replace X-Forwarded-For "[HTTP::header x-forwarded-for], [IP::client_addr]"

 

 

} else {

 

 

HTTP::header insert x-forwarded-for [IP::client_addr]

 

 

}

 

 

 

}

 

 

-------------------------------

 

 

Thanks you!

 

 

 

Miguel.