iRule translation: reversing a string and inserting certificate information into HTTP headers
```tcl
proc ReversedList mystrOrig {
    # Split the original string on commas into a list
    set mymystrReversed [split $mystrOrig ","]
    # Create an empty list
    set listReversed [list ]
    # Walk the original list backwards, appending each element to the new list
    for { set i [llength $mymystrReversed] } { [incr i -1] >= 0 } {} {
        lappend listReversed [lindex $mymystrReversed $i]
    }
    # Join the elements of the new list with commas
    set strReversed [join $listReversed ","]
    # Return the reversed string
    return $strReversed
}

# When an HTTP request is received
when HTTP_REQUEST {
    # Discard the request unless the URI contains "CUPSecureSR/servlet"
    # (findstr skips the 12 characters of "CUPSecureSR/" and returns the next 7)
    if { [ findstr [HTTP::uri] "CUPSecureSR/" 12 7] != "servlet" } {
        discard
    }
    # Get the client certificate
    set cert [SSL::cert 0]
    # If a client certificate is present
    if { $cert != "" } {
        # Insert the certificate's subject, serial number, issuer and validity period into the HTTP headers
        HTTP::header insert subject [call ReversedList [X509::subject $cert]]
        HTTP::header insert serial_number [X509::serial_number $cert]
        HTTP::header insert issuer [call ReversedList [X509::issuer $cert]]
        HTTP::header insert not_valid_before [X509::not_valid_before $cert]
        HTTP::header insert not_valid_after [X509::not_valid_after $cert]
    } else {
        # No client certificate: log it, invalidate the SSL session and renegotiate the SSL connection
        log local0. "NO CLIENT CERT!"
        log local0. "HTTP uri = [HTTP::uri]<--->SSL COUNT = [SSL::cert count]<--->SessionID = [SSL::sessionid]<--->Client Addr = [IP::client_addr]"
        log local0. "-----------SSL was renegotiated."
        SSL::session invalidate
        SSL::renegotiate
    }
}
```
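The iRule above uses `HTTP::header insert`, which adds a header without touching any header of the same name that arrived with the request. The following is an added example, not part of the original iRule: a separate event block that strips and logs inbound copies of those five headers, so the pool member only sees values set from the verified certificate. The `priority 100` value is an assumption, chosen only so that this block runs before the default-priority (500) event above.

```tcl
# Added example: remove client-supplied copies of the certificate headers
# before the main HTTP_REQUEST event inserts the real values.
when HTTP_REQUEST priority 100 {
    # Header names taken from the iRule above
    foreach name {subject serial_number issuer not_valid_before not_valid_after} {
        if { [HTTP::header exists $name] } {
            # Record which client sent a reserved header, then drop every occurrence of it
            log local0. "Stripped client-supplied header '$name' from [IP::client_addr]"
            HTTP::header remove $name
        }
    }
}
```

Because the no-certificate branch above does not stop the request, this stripping also covers requests that are forwarded without any certificate headers being inserted.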