Forum Discussion
chin_15339
Apr 30, 2017Nimbostratus
thanks Stanislas but the rule is still not working when there is no client certificate presented I want the page to redirect to /Certmissing
- Stanislas_Piro2Apr 30, 2017Cumulonimbus
Hi,
Can you explain what are 192 and 168 hostnames? (it make me think about 192.168.x.x).
when RULE_INIT { set static::debug 1 } when CLIENTSSL_CLIENTCERT { Example Subject DN: /C=AU/ST=NSW/L=Syd/O=Your Organisation/OU=Your OU/CN=John Smith set subject_dn [X509::subject [SSL::cert 0]] if { $subject_dn != "" }{ if { $static::debug }{ log "Client Certificate received: $subject_dn"} } } when HTTP_REQUEST { if { [HTTP::host] contains "192" && [HTTP::host] && [HTTP::uri] equals "/" } { switch -glob -- $subject_dn { "" {HTTP::redirect "/Certmissing.html"} "*CN=Vinit-A*" {HTTP::redirect "/vinit-A.html"} "*CN=Vinit-B*" {HTTP::redirect "/vinit-B.html"} "*CN=Vinit-B*" {HTTP::redirect "/vinit-C.html"} } } elseif { [HTTP::host] contains "168" && [HTTP::uri] equals "/" }{ if { $subject_dn eq "" } {HTTP::redirect "/Certmissing.html"} } }
- chin_15339Apr 30, 2017Nimbostratus
yes that is correct Stanislas we are trying this in our staging environment
- chin_15339Apr 30, 2017Nimbostratus
Hi Stanislas I tried your updated irule but sorry no luck it doesnt work as expected
the redirects /vinit-A.html and /vinit-C.html and B works as expected but the missing Cert does not work