matching two classes - iRule 10.2.4
I have the iRule working below with just CLASS-1. I am simply trying to say CLASS-1 OR CLASS-2, but having trouble getting F5 to take it. Do I need to set a variable or something like an elseif?
when CLIENTSSL_CLIENTCERT {
if {[SSL::cert count] > 0}{
if { ! ( [class match [substr [X509:subject [SSL::cert 0]] 3 ","] equals CLASS-1 ] || {![class match [substr [X509:subject [SSL::cert 0]] 3 ","] equals CLASS-2 ] } ) } {
log local0. "Client dropped :[substr [X509::subject [SSL::cert 0]] 3 ","]"
drop
}
}
}
b class CLASS-1 '{
{
"11111"
"CN=,OU=xxxxx"
"Requestor1"
"cert-subject-name" { "Details" }
}
}'
b class CLASS-2 '{
{
"22222"
"CN=,OU=yyyyy"
"Requestor2"
"cert-subject-name" { "Details" }
}
}'
Thanks!