Forum Discussion
CirrusBypass certificate prompt if URI contains a specific word
The customer has requested that when traffic arriving with a specific word in the URI then need to disable the prompt for a certificate.
https://www.example.com <--Prompt for certificate
https://www.example.com/api <--Do not prompt for a certificate.
I looked at comments about iRules, but I think APM will work better. I am not that well versed on APM, except for some basic configurations that I have found through F5/Dev Central.
any suggestions or pointers are appreciated.
4 Replies
- Injeyan_Kostas
Nacreous
Indeed an APM per request policy would be better to be used.
But you handle this case with irule too. Check this https://clouddocs.f5.com/api/irules/SSL__authenticate.html
steven_normoleI agree the iRule would handle it and i appreciate. I am looking for guidance to construct an APM to handle this request. I am not experience in creating complicated APM. If there is any links or good articles to help me I would greatly apprecaite it.
- Injeyan_Kostas
I doubt you will find an article describing your exact case.
As I said you need to use a Per Request Policy with Url Branching and On Demand Cert Auth
Keep in mind that a Per session policy is mandatory in order to use a per request one. But this per session policy could just be empty with a default accept ending.You also need to have a Client SSL profile where you will define your trusted CA and set Client Certificate to ignore.
To help you more you per request policy could look like this
while per session could be as simple as this
- Melissa_C
Moderator
Hello steven_normole,
Thank you for posting to our community. I see that Injeyan_Kostas has given you some guidance and documents to assist you with your questions. I wanted to see if these have provided the answer you are looking for? If so I would like to encourage you to mark the solution. This will allow for you and other members who may have this question in the future.
-Melissa
