RiverFish
Oct 26, 2012
Altostratus
Any incoming request (not just the initial connection)
One of the software guys has presented the following to me. Any help would be much appreciated!
"I think part of what might be going on with this is that HTTP 1.1 does not require a new connection with each request. This means that a TCP connection is made, but then there may be multiple request/response pairs that are sent. If the security subject is only being passed through on the initial connection, then you would get the behavior we are seeing. (Note that I am trying to guess backwards from symptom to problem…not something I like doing).
What we actually need is that, for any incoming request (not just the initial connection), the subject header from the certificate is added.
I guess in this direction because Bill is telling me that when he restarts SOAPUI, it will go back to working once for him. This tells me that either:
1. In spite of SOAPUI saying that it is going to close connections after each request…it isn’t.
2. The F5 is doing something overly smart in relation to Bill and his session (unlikely)."
Below is the iRule currently assigned to the VIP:
when CLIENTSSL_CLIENTCERT {
    # Save the subject of the client certificate for this connection
    set cert_subject [X509::subject [SSL::cert 0]]
    if { $cert_subject == "" } {
        log "[IP::client_addr]:[TCP::client_port]: No client cert found!"
    }
}
when HTTP_REQUEST {
    # Pass the saved subject to the server as a request header
    if { [info exists cert_subject] } {
        HTTP::header insert SSLClientCertSubject $cert_subject
        return
    }
}
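A diagnostic variant of the rule above, added here as an example and not part of the original post: it numbers the requests on each client connection and logs whether a certificate subject was available for each one, so the logs show whether the header goes missing on a later request of the same connection or on the first request of a new one. The names `req_count` and `conn_id` are introduced for this example, and removing any client-supplied copy of the header before inserting the trusted value is an addition to the original rule.

```tcl
# Added diagnostic example; req_count and conn_id are hypothetical names.
# iRule variables are scoped to the client connection, so req_count
# counts the HTTP requests seen on one TCP connection.
when CLIENT_ACCEPTED {
    set req_count 0
    set conn_id "[IP::client_addr]:[TCP::client_port]"
}

when CLIENTSSL_CLIENTCERT {
    # Only read the certificate if the client actually sent one
    if { [SSL::cert count] > 0 } {
        set cert_subject [X509::subject [SSL::cert 0]]
        log local0.info "${conn_id}: client cert received, subject='${cert_subject}'"
    } else {
        log local0.warning "${conn_id}: client cert event without a certificate"
    }
}

when HTTP_REQUEST {
    incr req_count

    # Drop any copy of the header sent by the client so the server
    # only ever sees the value taken from the certificate
    HTTP::header remove SSLClientCertSubject

    if { [info exists cert_subject] && $cert_subject ne "" } {
        HTTP::header insert SSLClientCertSubject $cert_subject
        log local0.info "${conn_id}: request ${req_count} [HTTP::method] [HTTP::uri]: header inserted"
    } else {
        log local0.warning "${conn_id}: request ${req_count} [HTTP::method] [HTTP::uri]: no cert subject on this connection"
    }
}
```

A warning on request 1 of a connection means the certificate event never set the variable for that connection; a warning only on request 2 or later would match the keep-alive theory quoted in the post.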