Forum Discussion

chin_15339's avatar
chin_15339
Icon for Nimbostratus rankNimbostratus
Apr 30, 2017

help required in elseif statement not working as expected

when RULE_INIT {

    set static::debug 1

}

when CLIENTSSL_CLIENTCERT {

Example Subject DN:  /C=AU/ST=NSW/L=Syd/O=Your Organisation/OU=Your OU/CN=John Smith

    set subject_dn [X509::subject [SSL::cert 0]] 

    if { $subject_dn != "" }{

            if { $static::debug }{ log "Client Certificate received: $subject_dn"}

    }

}
when HTTP_REQUEST {

    if { [HTTP::host] contains "192" } {

            if { $subject_dn contains "CN=Vinit-A" } {HTTP::redirect "/vinit-A.html"}

             if { $subject_dn contains "CN=Vinit-B" } {HTTP::redirect "/vinit-B.html"} 

              if { $subject_dn contains "CN=Vinit-D" } {HTTP::redirect "/vinit-C.html"} 

    } elseif { [HTTP::host] contains "168" }{

             if { $subject_dn eq "" } {HTTP::redirect "/Certmissing.html"} 

    }               

}

5 Replies

  • Hi,

    if you redirect to

    /vinit-A.html
    , redirect only
    /
    URI, else, the request to
    /vinit-A.html
    will be handle by the irule and will redirect to
    /vinit-A.html

    and use

    switch
    instead of
    if / elseif / elseif/ elseif

    when RULE_INIT {
        set static::debug 1
    }
    
    when CLIENTSSL_CLIENTCERT {
    
    Example Subject DN:  /C=AU/ST=NSW/L=Syd/O=Your Organisation/OU=Your OU/CN=John Smith
        set subject_dn [X509::subject [SSL::cert 0]] 
        if { $subject_dn != "" }{
                if { $static::debug }{ log "Client Certificate received: $subject_dn"}
        }
    }
    when HTTP_REQUEST {
    
        if { [HTTP::host] contains "192" && [HTTP::host] && [HTTP::host] equals "/" } {
            switch -glob -- $subject_dn {
            "*CN=Vinit-A*" {HTTP::redirect "/vinit-A.html"}
            "*CN=Vinit-B*" {HTTP::redirect "/vinit-B.html"}
            "*CN=Vinit-B*" {HTTP::redirect "/vinit-C.html"}
            }
        } elseif { [HTTP::host] contains "168" && [HTTP::host] equals "/" }{
                 if { $subject_dn eq "" } {HTTP::redirect "/Certmissing.html"} 
        }               
    }
    
  • thanks Stanislas but the rule is still not working when there is no client certificate presented I want the page to redirect to /Certmissing

     

    • Stanislas_Piro2's avatar
      Stanislas_Piro2
      Icon for Cumulonimbus rankCumulonimbus

      Hi,

      Can you explain what are 192 and 168 hostnames? (it make me think about 192.168.x.x).

      when RULE_INIT {
          set static::debug 1
      }
      
      when CLIENTSSL_CLIENTCERT {
      
      Example Subject DN:  /C=AU/ST=NSW/L=Syd/O=Your Organisation/OU=Your OU/CN=John Smith
          set subject_dn [X509::subject [SSL::cert 0]] 
          if { $subject_dn != "" }{
                  if { $static::debug }{ log "Client Certificate received: $subject_dn"}
          }
      }
      when HTTP_REQUEST {
      
          if { [HTTP::host] contains "192" && [HTTP::host] && [HTTP::uri] equals "/" } {
              switch -glob -- $subject_dn {
              "" {HTTP::redirect "/Certmissing.html"}
              "*CN=Vinit-A*" {HTTP::redirect "/vinit-A.html"}
              "*CN=Vinit-B*" {HTTP::redirect "/vinit-B.html"}
              "*CN=Vinit-B*" {HTTP::redirect "/vinit-C.html"}
              }
          } elseif { [HTTP::host] contains "168" && [HTTP::uri] equals "/" }{
                   if { $subject_dn eq "" } {HTTP::redirect "/Certmissing.html"} 
          }               
      }
      
    • chin_15339's avatar
      chin_15339
      Icon for Nimbostratus rankNimbostratus

      yes that is correct Stanislas we are trying this in our staging environment

       

    • chin_15339's avatar
      chin_15339
      Icon for Nimbostratus rankNimbostratus

      Hi Stanislas I tried your updated irule but sorry no luck it doesnt work as expected

       

      the redirects /vinit-A.html and /vinit-C.html and B works as expected but the missing Cert does not work