Forum Discussion

Nimbostratus

Apr 15, 2024

Disacard SSL::cert mode to ignore when default SSLClient profile is set to request or require

My need: I want to have one unique VIP to handle both non-secure traffic for UI service and also to secure API services. For the API, I have 2 cases: jwt is provided, I need to have the SSL::cert ...

security

doria786

Nimbostratus

Apr 18, 2024

In the HTTP_REQUEST event, we check if the clientId exists in the JWT claims. If it does, we require an SSL certificate. Otherwise, we ignore it. The URL path-based logic ensures that specific paths are handled differently. In the HTTP_REQUEST_SEND event, we handle the client certificate details.

caz
Nimbostratus
Apr 18, 2024
Thanks for the insight, any chance you share your irule logic?

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

Disacard SSL::cert mode to ignore when default SSLClient profile is set to request or require

Recent Discussions

Upgrade F5 BIGIP

DNS HM Probe issue

Is XFF a must for ASM WAF DoS

Switch ssl profile based on weak cipher detection via IRULE

F5 Switches in 'Changes Pending' Status

Related Content

SSL-Cert

SSL Cert expiration Tracker

LTM HA Pair SSL Certs

iRule to accept client then SSL cert validation

extract LTM VS ssl profile binding cert and key information to generate a json with python f5-sdk

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS