F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

mikegray_198028's avatar
mikegray_198028
Icon for Cirrus rankCirrus
Apr 25, 2016

client authentication/user authentication certificates

Hello team,   We have 6 external users/vendors using single vip to access the application like below and we are using client ssl authentication, Can we do any user based validation and allow the c...
application delivery
iRules
LTM
Josiah_39459's avatar
Josiah_39459
Historic F5 Account
Apr 26, 2016

Yes, you can. All the information from the client cert authentication is stored in session variables (you can verify this in the reports in the GUI or the 'sessiondump' command via the CLI). Then you can use those session variables in the Advanced Resource Assign to assign different ACLs to different users.

 

  • mikegray_198028's avatar
    mikegray_198028
    Icon for Cirrus rankCirrus
    Apr 26, 2016
    We have only LTM module at present
  • Josiah_39459's avatar
    Josiah_39459
    Historic F5 Account
    Apr 26, 2016
    Then you'll want to use an irule. Take a look at the examples in CLIENTSSL_CLIENTCERT: https://clouddocs.f5.com/api/irules/CLIENTSSL_CLIENTCERT.html However, if you really need to block urls for security reasons you will want to consider more than just an irule, some real security solution.