Internet_Suppo1
Sep 01, 2017 Nimbostratus
How to use two ssl profiles depending on connecting address
Morning All,
I'm trying to edit the iApp template.
What I would like to do is implement certificate pinning for all clients except from certain network ranges.
E.g., for connections from
134.170.98.0/24
157.56.199.0/24
134.170.70.0/24
......
Do not require a specific certificate on the client devices.
For all other connections, require a specific certificate. I know I can add a certificate requirement to the SSL profile. I'm guessing I need to create two SSL profiles, one with cert pinning and the other without, but I'm a bit lost on how to implement this in the iRule. Any suggestions?
Existing iRule without changes:
# Exchange 2013 iRule to select pool without persistence when all Exchange
# HTTP-based services are accessed through the same virtual server.
when HTTP_REQUEST {
    switch -glob -- [string tolower [HTTP::path]] {
        "/microsoft-server-activesync*" {
            pool /Common/EXO.app/EXO_as_pool7
            COMPRESS::disable
            CACHE::disable
            return
        }
        "/owa*" {
            return
        }
        "/ecp*" {
            # Exchange Control Panel.
            return
        }
        "/ews*" {
            # Exchange Web Services.
            pool /Common/EXO.app/EXO_ews_pool7
            COMPRESS::disable
            CACHE::disable
            return
        }
        "/oab*" {
            # Offline Address Book.
            pool /Common/EXO.app/EXO_ews_pool7
            persist none
            return
        }
        "/rpc/rpcproxy.dll*" {
            # Outlook Anywhere.
            COMPRESS::disable
            CACHE::disable
            return
        }
        "/autodiscover*" {
            # Requests for Autodiscovery information.
            pool /Common/EXO.app/EXO_ad_pool7
            persist none
            return
        }
        default {
        }
    }
}
when HTTP_RESPONSE {
    if { ( [HTTP::header exists "WWW-Authenticate"] &&
           [string tolower [HTTP::header values "WWW-Authenticate"]] contains "negotiate" ) ||
         ( [HTTP::header exists "Persistent-Auth"] &&
           [string tolower [HTTP::header "Persistent-Auth"]] contains "true" ) } {
        ONECONNECT::reuse disable
        ONECONNECT::detach disable
        NTLM::disable
    }
    if {[HTTP::header exists "Transfer-Encoding"]} {
        HTTP::payload rechunk
    }
}
Many Thanks, Andrew.
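
One way to implement the profile selection asked about above, as an added example that is not part of the original post or of the iApp template. The two client SSL profile names and the `static::` variable names are hypothetical; it assumes both profiles already exist, with the first configured to require a client certificate and the second not.

```tcl
# Added example: pick the client SSL profile from the source address
# before the TLS handshake starts. Profile names below are hypothetical.
when RULE_INIT {
    # Exempt ranges as listed in the post; the post's list is elided
    # after these three, so any further ranges have to be added here.
    set static::exempt_nets {
        134.170.98.0/24
        157.56.199.0/24
        134.170.70.0/24
    }
    set static::ssl_require_cert "/Common/clientssl_require_cert"
    set static::ssl_no_cert      "/Common/clientssl_no_cert"
}

when CLIENT_ACCEPTED {
    # Default to the stricter profile, so any address that does not
    # match an exempt range must present a client certificate.
    set profile $static::ssl_require_cert

    foreach net $static::exempt_nets {
        if { [IP::addr [IP::client_addr] equals $net] } {
            set profile $static::ssl_no_cert
            # Record every use of the exemption so it can be audited.
            log local0. "client cert not required for [IP::client_addr] (matched $net)"
            break
        }
    }

    # IP::client_addr is the TCP peer address: if clients reach the
    # virtual server through NAT or a proxy, that device's address is
    # what gets matched, not the original client's.
    SSL::profile $profile
}
```

Because this runs in CLIENT_ACCEPTED, it does not touch the HTTP_REQUEST and HTTP_RESPONSE logic of the existing iRule.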