Jump to content

Convert Irules for X-Client-Cert-Id and X-Client-IP header

Recommended Posts



I  plan to migrate an apps from F5 to Citrix, but i have a problem with converting Irules. the following is attached the existing irules configuration


    if { [session lookup ssl [SSL::sessionid]] ne "" } {
    HTTP::header insert X-Client-Cert-Id [X509::serial_number [session lookup ssl [SSL::sessionid]]]
    HTTP::header insert  X-Real-IP {IP::client_addr]

#log local0. "HTTP request from [IP::client_addr]"

#log local0. "X-Client-Cert-Id: [X509::serial_number [session lookup ssl [SSL::sessionid]]]"

#log local0. "X-Real-IP: [IP::client_addr]"

log local0. "X-Forwarded-For: [HTTP::header X-Forwarded-For"




How to Converting that F5 Irules  to Citrix ADC Netscaler?









Link to comment
Share on other sites

I  Never have experience in Client Cert Header implementation, but i try to Convert Irules based on article that you posted for X-Client-Cert-Id


add ssl policy X-Client-Cert-Pol -rule "HTTP.REQ.HEADER(\"X-Client-Cert-Id\").EXISTS" -action X-Client-Cert
> show ssl action
1)      Name: X-Client-cert
        Type: Data Insertion
        Session-ID Header: ENABLED      Session-ID Tag:
        Cert Header: ENABLED            Cert Tag: X-Client-Cert-Id
        Cert Serial Number: ENABLED     Cert Serial Number Tag:
        Hits: 0
        Undef Hits: 0
        Action Reference Count: 1

Is it already similar with F5 Irules?



Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...