Forum Discussion

Cirrostratus

Sep 22, 2012

Sporadic TCL erros from iRule after upgrade to 11.2.0

Hi! We're using an irule to handle access to a webservice. The irule matches the client certificate DN against a list of allowed DNs, and is the only irule assigned to the VIP. After upg...

Cirrostratus

Sep 23, 2012

If the client resumes an existing SSL session, they wouldn't hit the CLIENTSSL_CLIENTCERT event as they don't present the cert for that connection. You could change your check in HTTP_REQUEST to verify the variable exists and is set to 1:


when HTTP_REQUEST {

if { [info exists client_cert_ok] and $client_cert_ok == 1 }{
 Allow request
} else {
HTTP::respond 403 content "Bad client certificate!"
}
}

Aaron

Forum Discussion

Sporadic TCL erros from iRule after upgrade to 11.2.0

Recent Discussions

BIG-IP DNS: Check Status Of Multiple Monitors Against Pool Member

Disk space full - what files, folders are safe to delete?

Converting config to DO

Enterprise Security best practices with F5 WAF

Web acceleration

Related Content

Software Upgrade

Upgrade to 15.1.10

Getting Started with BIG-IP Next: Upgrading Instances

Getting Started with BIG-IP Next: Upgrading Central Manager

F5 LTM HA pair upgrade Automation using Python