rraver_79489
May 05, 2009 Nimbostratus
iRule doesn't work with 2k3 server
We have the below iRule that seems to work with all clients except for 2k3 server. We've tried it on a default install using Internet Explorer 7 and it pauses when we hit login. This iRule works with Windows XP, Vista, and 2k3 server using Firefox. Anyone know or have any ideas why this wouldn't work?
when HTTP_REQUEST {
    log "Handling HTTP_REQUEST"
    # Always loop to remove possible multiple occurrences of header
    while { [HTTP::header exists X.509] } {
        HTTP::header remove X.509
    }
    # Conditionally request a client cert
    if {([HTTP::uri] starts_with "/acct/login.action" || [HTTP::uri] starts_with "/acct/registration") && [SSL::cert count] == 0} {
        log "Authentication desired."
        log "Requesting authentication."
        # Hold the HTTP request
        HTTP::collect
        log "HTTP::collect enabled."
        SSL::cert mode request
        log "SSL::cert mode set."
        # Renegotiate SSL
        SSL::renegotiate
        log "SSL::renegotiate requested."
    }
    log "Handler completed."
}
when CLIENTSSL_CLIENTCERT {
    log "Handling CLIENTSSL_CLIENTCERT"
    HTTP::release
    log "Handler completed."
}
when HTTP_REQUEST_SEND {
    log "Handling HTTP_REQUEST_SEND"
    clientside {
        if {[SSL::cert count] > 0} {
            log "Certificate presented."
            # If the client provided a cert, pass it along
            set val [b64encode [SSL::cert 0]]
            # Also include other certs in the chain it provided
            for { set i 1 } { $i < [SSL::cert count] } { incr i } {
                append val "; " [b64encode [SSL::cert $i]]
            }
            # Stuff it all in the header, with folding because it's long
            HTTP::header insert "lws" X.509 $val
        }
    }
    log "Handler completed."
}