Jump to content

Convert Irules for X-Client-Cert-Id and X-Client-IP header


Recommended Posts

Hi,

 

I  plan to migrate an apps from F5 to Citrix, but i have a problem with converting Irules. the following is attached the existing irules configuration

 

when HTTP REQUEST {
    if { [session lookup ssl [SSL::sessionid]] ne "" } {
    HTTP::header insert X-Client-Cert-Id [X509::serial_number [session lookup ssl [SSL::sessionid]]]
    HTTP::header insert  X-Real-IP {IP::client_addr]

#log local0. "HTTP request from [IP::client_addr]"

#log local0. "X-Client-Cert-Id: [X509::serial_number [session lookup ssl [SSL::sessionid]]]"

#log local0. "X-Real-IP: [IP::client_addr]"

log local0. "X-Forwarded-For: [HTTP::header X-Forwarded-For"

}

}

 

How to Converting that F5 Irules  to Citrix ADC Netscaler?

 

Thanks

 

 

 

 

 

image.png

Link to comment
Share on other sites

I  Never have experience in Client Cert Header implementation, but i try to Convert Irules based on article that you posted for X-Client-Cert-Id

 

add ssl policy X-Client-Cert-Pol -rule "HTTP.REQ.HEADER(\"X-Client-Cert-Id\").EXISTS" -action X-Client-Cert
> show ssl action
1)      Name: X-Client-cert
        Type: Data Insertion
        Session-ID Header: ENABLED      Session-ID Tag:
        Cert Header: ENABLED            Cert Tag: X-Client-Cert-Id
        Cert Serial Number: ENABLED     Cert Serial Number Tag:
        Hits: 0
        Undef Hits: 0
        Action Reference Count: 1
 

Is it already similar with F5 Irules?

 

 

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...