CREDCO_17916
Apr 07, 2008Nimbostratus
HTTPS URI re-direct and client certs
Hi,
I'm trying to create an iRule that parses a URI and sends the request to 1 of 2 pools based on the URI. Very straight forward. The first URI listed below requires a Client Cert. The second one does not.
1. /cc/listener - Send to pool 1 ** Requires Client Cert
2. /cc/secondaryuse - Send to pool 2
Here is the iRule I'm using:
when HTTP_REQUEST {
if { [HTTP::uri] contains "secondaryuse"} {
pool CCJAVABETA_EM_TEST
} else {
pool CCJAVABETA_TEST
}
}
Without client certs enabled the iRule works as expected. As soon as I enforce Client Certs in IIS for URI 1 , I start getting 404's when I hit URI 1. I do not get a 403.7 "The Page Requires a Client Certificate" error page that I would expect to see.
Here are some options I have enabled on the Virtual Server:
- Http profile - "http" (the default http profile)
- SSL Profile (client) - "clientssl"
- SSL Profile (server) - "serverssl"
Do I need to use a separate iRule to handle the Client Certs? Is there a setting on the BigIP that I'm missing? This seems like a very simple and common configuration, so I'm sure I'm forgetting something stupid. Any help would be appreciated.
Thanks