chin_15339
May 01, 2017Nimbostratus
redirect irule when an client certificate is missing
there are two parts to the requirement 1: when the Cert is missing the redirect should be /certnotavailable - this part is not working. 2: when a cert CN:X then redirect should be /X and when CN:Y redirect should be /Y this is working fine.
Below is the Irule :
when RULE_INIT {
set static::debug 1
}
when CLIENTSSL_CLIENTCERT {
set subject_dn [X509::subject [SSL::cert 0]]
if { $subject_dn != "" }{
if { $static::debug }{ log "Client Certificate received: $subject_dn"}
}
}
when CLIENTSSL_HANDSHAKE {
if { [SSL::verify_result] == !0 } then {set clientCRT 1} else {set clientCRT 0} }
when HTTP_REQUEST {
switch -glob -- $subject_dn {
"*CN=Vinit-A*" {HTTP::redirect "/vinit-A.html"}
"*CN=Vinit-B*" {HTTP::redirect "/vinit-B.html"}
"*CN=Vinit-B*" {HTTP::redirect "/vinit-C.html"}
default {HTTP::redirect "/Certmissing.html"}
}
}