Forum Discussion

Cirrus

Feb 14, 2023

[HELP PLEASE!] Client Certificate Validation based on URI

Hello! I need help making an iRule that does the following: 1 - if the request goes to "/auth" the client's certificate is not validated, but when BIG-IP forwards a request to the API server in the...

devops

Andreia

Cirrus

Feb 14, 2023

when CLIENT_ACCEPTED {
set session_flag 0
}
when CLIENTSSL_HANDSHAKE {
if { [SSL::cert count] != 0 } {
log "Client cert is OK; releasing HTTP request."
HTTP::release
}
}
when HTTP_REQUEST {
if { ![HTTP::uri] starts_with "/auth" } {
log "Certificate required for: [HTTP::uri]"
if { [SSL::cert count] == 0} {
log "No cert found. Holding HTTP request until a client cert is presented..."
HTTP::collect
set session_flag 1
SSL::authenticate always
SSL::authenticate depth 9
SSL::cert mode require
SSL::renegotiate
}
}
else {
log "No certificate needed for: [HTTP::uri]"
}
}

When I make a request for the /auth URI there is no browser pop-up to select the client certificate.

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

[HELP PLEASE!] Client Certificate Validation based on URI

Recent Discussions

F5 looses the token for the first call

iRule - Url rewrite and header replace and pool selection not working

Switch ssl profile based on weak cipher detection via IRULE

full-proxy HTTP2

Decode ObjectSID from Base64-encode string

Related Content

Re: Management Certificate

Validate Certificate Common Name and Revocation Status

Certifications for security professionals

Certificate Expiry Email alert configuration

Update Template Validity

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS