For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

psor_73734's avatar
psor_73734
Icon for Nimbostratus rankNimbostratus
Aug 18, 2009

client certificate authentication for a particular directory

Hi     I need to use client certificate authentication for a particular directory, for example:     on     https://demo.com (no authentication needed)   https://d...
config
design
psor_73734's avatar
psor_73734
Icon for Nimbostratus rankNimbostratus
Aug 19, 2009
Aaron,

 

 

I'm using LTM 9.44, I need to use ocsp verification, so for a particular directory (example.com/auth), but I dont know how to restrict this behavior (on ssl_profile) to a particular directory. I tried to use irule like this:

 

 

 

 

 

when CLIENTSSL_HANDSHAKE {

 

if { [SSL::cert count] > 0 } {

 

HTTP::release

 

}

 

}

 

when HTTP_REQUEST {

 

if {not ([HTTP::uri] starts_with "/abc/") }

 

{ if {[SSL::cert count] == 0} {

 

HTTP::collect

 

SSL::authenticate always

 

SSL::authenticate depth 9

 

SSL::cert mode require

 

SSL::renegotiate

 

}

 

}

 

}

 

 

But it dosen't work fine and it dosen't have the logic for ocsp verification.

 

 

Thanks you