LB decisions based on SSL CA and Common Name

mischa · October 6, 2013, 9:05am

#################################################
#
# aFleX script to make decisions based on the CA
# and Common Name of a Client Certificate.
#
`#################################################

when RULE_INIT { set ::DEBUG 0 }

when CLIENTSSL_CLIENTCERT { set CCcert [SSL::cert 0] set CCsubject [X509::subject $CCcert] if { $::DEBUG == 1 } { log "Client SSL Cert Subject: $CCsubject – Complete Cert: $CCcert" } }

when HTTP_REQUEST { if { [HTTP::uri] matches {/api/[0-9]} } { if { $CCsubject matches {<CA_SIGNER>} } { do something… if { $CCsubject matches {*} } { do something… } } else { if { $::DEBUG == 1 } { log "SSL Connection is dropped" } drop } } }`

Discussion		Replies	Views
insert the client SSL certificate into a header aFleX	0	252	October 1, 2011
Inserting the client certificate in a header aFleX	2	331	October 11, 2013
aFleX - Request client certificate to authenticate . aFleX aflex	0	563	November 3, 2015
Supporting multiple services selective client-ssl and server-ssl w/ single VIP aFleX aflex , class-list , slb-adc , tls-ssl	3	122	November 25, 2013
Source IP Load Balancing w/ class-list aFleX	3	271	October 27, 2015

LB decisions based on SSL CA and Common Name

Related topics