Client Cert authentication for specific url issues. curl breaks
I have an odd use case: I moved a site from Apache that had a Location setting that would require client authentication for only a specific URI, "/transout", and not prompt for a cert for any other requests.
So I created a rather simple APM policy of "On Demand Cert Auth" and a Variable Assign to log the user request in the APM policy.
Then in an iRule:
if { [string tolower [HTTP::path]] contains "/transout" } {
    HTTP::header insert "clientless-mode" 1
    ACCESS::enable
} else {
    ACCESS::disable
}
This works fine for a browser, but curl just breaks on a 302 to my.policy, even with a -L to follow redirects, then to a /my.logout.php3?errorcode=19. The APM log only logs that there's a new session from Clientip. Log statements on the fail branch of On Demand Cert Auth don't execute.
Is there a better way to protect only that /transout url?