Hille_de_Graaf_
Aug 08, 2006 (Nimbostratus)
Converted V4 irules not working in V9
I posted this before but the solution I got is not working.
The situation is as follows:
Clients are requested for a client cert, and if that's OK, then they can go on to the protected website. This worked fine in V4 with the following iRule:
if (http_header("SSLClientCertStatus") == one of ccert_ok) {
    use pool Portal-apps
}
else if (http_header("SSLClientCertStatus") == "NoClientCert") {
    redirect to "https://portal.rdc.nl/errors/nocert.htm"
}
else {
    redirect to "https://portal.rdc.nl/errors/cert_error.htm"
}
The above iRule was converted by Joe into the following V9 iRule:
when HTTP_REQUEST {
    set hdr [HTTP::header "SSLClientCertStatus"]
    if { [matchclass $hdr equals $::ccert_ok] } {
        pool Portal-apps
    } elseif { $hdr equals "NoClientCert" } {
        HTTP::redirect "https://portal.rdc.nl/errors/nocert.htm"
    } else {
        HTTP::redirect "https://portal.rdc.nl/errors/cert_error.htm"
    }
}
But that didn't work. I also used "log Local0." to see the value of $hdr, but I found out that there was no "SSLClientCertStatus" in the HTTP::header, so the value was empty.
I also tried the following iRule:
when CLIENTSSL_CLIENTCERT {
    set result [X509::verify_cert_error_string [SSL::verify_result]]
}
when HTTP_REQUEST {
    if { $result eq "ok" } {
        use pool test-pool
        log local0. "de waarde van het certificaat is: $result"
    } elseif { $result eq "NoClientCert" } {
        HTTP::redirect "https://portal.rdc.nl/errors/nocert.htm"
        log local0. "NoClientCert waarde is: $result"
    } else {
        HTTP::redirect "https://portal.rdc.nl/errors/cert_error.htm"
        log local0. "Error waarde is: $result"
    }
}
This works only once, and after the login on the server I get redirected to the error page, and I also receive the following log entries in /var/log/ltm:
Aug 8 08:19:29 tmm tmm[743]: Rule clientssl_clientcert_test : de waarde van het certificaat is: ok
Aug 8 08:19:51 tmm tmm[743]: 01220001:3: TCL error: Rule clientssl_clientcert_test - can't read "result": no such variable while executing "if { $result eq "ok" } { use pool test-pool log local0. "de waarde van het certificaat is: $result" } elseif { $result eq "NoClientCert"..."
Can somebody please help me?