Different auth type per path/user-agent/header?

Question

Hi,&nbsp;Is there a way to force different authentication methods for different paths under the same VS?Or do the same, but per user-agent? Say SAML for Browsers, NTLM for everything else.I can't see anything under the policy builder, so maybe irules can do it somehow?(I don't want to use per-request policies, if possible)&nbsp;Thanks&nbsp;

petewhite · Answer

APM has this in the VPE as a client side check ( client Type and Client OS ), or you can check the landing URI to do different auth for the different paths.

ricardo_duarte · Answer

VPE will not work for me.I want to do something similar to what the "Exchange Profile" does: /activesync is basic ; /mapi is ntlm ; owa is web auth, etc.But I can't match paths/urls on per-session requests... At least I cant find a way to do it.

ricardo_duarte · Answer

Would this be a good option?&nbsp;Create a Standard VS with the VIPThen create multiple Internal VS with the same pool servers but different APM policiesThen route to the internal VS from the Standard VIP with iRules&nbsp;

petewhite · Answer

Hi Ricardo,

Yes, it would – or you can use the landing URI session variable within a policy.

Forum Discussion

Different auth type per path/user-agent/header?

4 Replies

F5 Container Ingress Services (CIS) and using k8s traffic policies to send traffic directly to pods

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

F5 Software Downgrade from version 17.x.x to 15.x.x

Error diskmonitor

CPU utilization of F5OS on r2600

sslprovide (--f5 ssl) does not generate CLIENT/SERVER_TRAFFIC_SECRET on server-side TLS traffic

Hardware replacement i2800 to r2600

Related Content

Bolt-on Auth with NGINX Plus and F5 Distributed Cloud

Python SDK Cookbook: Working with Auth Tokens

Insert Basic Auth Header

Client Auth Using HTTP Cookie

Proxy Auth

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS