Hello,
According to the SSL standard, the client has to present the authentication certificate during the SSL handshake. Your request would only be doable with an iRule solution. Even then, you will allow all clients to complete the SSL handshake, and decide to drop some of them who do not present the required HTTP header with a correct value. Essentially, you're building an L7 whitelist solution where client access rights are determined by the value of an HTTP header.
To help you get started: The function to return the value of a particular HTTP header is
[HTTP::header value {MyHeader}]
when HTTP_REQUEST {
    log local0. "The value of HTTP header MyHeader is <[HTTP::header value {MyHeader}]>"
}
Results are logged to /var/log/ltm. If the value is blank, the header was not found in client request.
Once you are at a point where you can see the actual certificates being logged to /var/log/ltm as the value of a HTTP header, I can help with the next step which is building a whitelist component of the iRule.
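One way the whitelist step described above could look, as an added example that is not part of the original post. It assumes a string data group named `myheader_allowlist` (a hypothetical name) holding the accepted values, and keeps the post's placeholder header name `MyHeader`.

```tcl
when HTTP_REQUEST {
    # Added example, not from the original post.
    # Assumption: "myheader_allowlist" is a string data group created on the
    # BIG-IP whose records are the header values that are allowed through.

    # Require exactly one instance of the header. A missing header and a
    # duplicated header are both treated as failures, so a second copy sent
    # by the client cannot be confused with the expected one.
    set hdr_count [HTTP::header count "MyHeader"]
    if { $hdr_count != 1 } {
        log local0. "Denied [IP::client_addr]: expected 1 MyHeader, got $hdr_count"
        HTTP::respond 403 content "Forbidden"
        return
    }

    set hdr_value [HTTP::header value "MyHeader"]

    # An empty value is what HTTP::header value returns when nothing usable
    # is present, so it never counts as a match.
    if { $hdr_value eq "" } {
        log local0. "Denied [IP::client_addr]: empty MyHeader"
        HTTP::respond 403 content "Forbidden"
        return
    }

    # Exact match against the data group. "--" stops option parsing so a
    # value starting with "-" is treated as data, not as a flag.
    if { not [class match -- $hdr_value equals myheader_allowlist] } {
        # Log only the length; the value may be long and is client-supplied.
        log local0. "Denied [IP::client_addr]: MyHeader not in allowlist (length [string length $hdr_value])"
        HTTP::respond 403 content "Forbidden"
        return
    }

    # Matched: the request continues to the pool unchanged.
}
```

Because the client controls every header it sends, a check like this only identifies a client if the value is something other clients cannot learn or replay.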