James_Thomson
Jan 06, 2005 (Employee)
Make sure client cert data passed in header to server isn't coming from client?
When BigIP is configured for client-side certs and is extracting fields from the client cert and placing them in HTTP headers to pass downstream, does it have any way of determining or checking that the headers it passed are the ones it generated and not something that somehow got passed through the box?
For example, if I had a rule that would search client certificate information and pull out the username and DN, and then create an HTTP header called "myheader" and insert that data in there, could I preface that rule with a piece that first checks whether someone is trying to send an HTTP header "myheader" and deletes it if it exists?
Would it be easier to create an http profile and just have it erased there?
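The strip-then-insert approach the question describes, as an added iRule example (not code from the original post or from F5). It assumes a v9-style iRule where `HTTP::header remove`, `SSL::cert`, `X509::subject` and `HTTP::header insert` are available; the header name "myheader" is taken from the post, and the CN-as-username regexp assumes a DN of the form `CN=...,OU=...`.

```tcl
# Added example: make sure the downstream server only ever sees the value
# this BIG-IP derived from the client certificate, never a client-supplied one.
when HTTP_REQUEST {
    # Step 1: delete every instance of the header the client may have sent.
    # HTTP::header remove drops all occurrences, so a duplicated or
    # case-varied "myheader" does not survive alongside ours.
    HTTP::header remove "myheader"

    # Step 2: only populate the header when a client cert was actually
    # presented; otherwise the server sees no header at all, which is the
    # honest signal that no cert identity is known.
    if { [SSL::cert count] > 0 } {
        set subject [X509::subject [SSL::cert 0]]

        # Assumed DN layout: pull the CN out as the username. If the regexp
        # does not match, the username stays empty rather than guessed.
        set username ""
        if { [regexp -nocase {CN=([^,]+)} $subject -> cn] } {
            set username $cn
        }

        # Step 3: insert the value we generated, after the removal above.
        HTTP::header insert "myheader" "$username;$subject"
    }
}
```

Because the remove runs unconditionally before the conditional insert, a request without a client certificate also loses any forged "myheader", which is the case the question is most concerned about.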