Client SSL profile based on uri

Question

Hello team,&nbsp;I have two client ssl profile one with client authentication and another without client authentication, can we select these profiles based on uri? F5 OS version 14.1.2&nbsp;I tried with iRule for SSL::cert mode request but the browser not requesting for the certificate.&nbsp;when CLIENTSSL_CLIENTCERT { set ssl_cert [SSL::cert 0] } when HTTP_REQUEST {&nbsp;&nbsp;if { [string tolower [HTTP::uri]] starts_with "/test" }&nbsp;&nbsp;&nbsp;&nbsp;{&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;HTTP::collect&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;SSL::authenticate always&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;SSL::authenticate depth 9&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;SSL::cert mode request&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;SSL::renegotiate&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;HTTP::header insert clientcert "[IP::client_addr]:[TCP::client_port]: cert 0; subject=[X509::subject [SSL::cert 0]];[X509::issuer [SSL::cert 0]]; cert_serial=[X509::serial_number [SSL::cert 0]];"&nbsp;&nbsp;&nbsp;&nbsp;}&nbsp;&nbsp;}

dario_garrido · Answer

Hello VishnuVG.&nbsp;Use require instead of request.&nbsp;This example should suit your requirements.REF - https://clouddocs.f5.com/api/irules/SSL__renegotiate.html&nbsp;Regards,Dario.

Forum Discussion

Client SSL profile based on uri

Recent Discussions

How to implement LTM forward proxy client to determine the diversion pool based on the domain name

irule to enable http/2 acceleration

VS FORWARDING & ROUTE

Statistics ›› Analytics : HTTP : Overview

SNI Sites not taking correct certificate.

Related Content

iRule based RADIUS Client Stack

Stop Using the Base TCP Profile!

Client SSL Profile

TLS server_name extension based routing without clientssl profile

Client vs Server SSL profile

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS