Forum Discussion

Nimbostratus

Oct 14, 2015

Client Authentication Based On URI

Hello, Currently, to configure client authentication on a URI, we create 2 client SSL profiles (one of which is parent for the other) and 2 iRules that check a data group against the URI list. The ...

Kevin_Stewart

Employee

Oct 16, 2015

Interesting. I probably should have asked which BIG-IP version you're using. In any case, the above iRule appears to work in 11.6 and 12.0. Also, the SSL::renegotiate wiki page has a slightly different version of that iRule that you might want to try:

https://devcentral.f5.com/wiki/iRules.SSL__renegotiate.ashx

It uses the CLIENTSSL_HANDSHAKE event instead of the CLIENTSSL_CLIENTCERT event.

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

Client Authentication Based On URI

Recent Discussions

Reporting Help Needed

Switch ssl profile based on weak cipher detection via IRULE

F5 looses the token for the first call

iRule - Url rewrite and header replace and pool selection not working

full-proxy HTTP2

Related Content

Use of BIG-IP to authenticate API calls based on oAuth2.0 framework

Enhance your Application Security using Client-side signals

Client SSL Authentication - AWS API Gateway

Configuring an Application for Smart Card Authentication and Forms Based SSO Using a Static Username and Password

Use of NGINX Controller to Authenticate API Calls

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS