Forum Discussion

Nimbostratus

Sep 22, 2020

Help with irule for bypassing client authentication certificates by IP

Hello, I'm looking for help with an irule that will bypass the client authentication certificate for a group of ip addresses. Currently we have the client cert auth working with a client ssl profile...

Nimbostratus

Oct 16, 2020

Thank you for the response. Your answer helped me end up with the below. The key was that the ssl profile assigned to the VS had to be set to ignore.

when HTTP_REQUEST {

if {[HTTP::uri] starts_with "/uri1" || [HTTP::uri] starts_with "/uri2"} {

if {not [matchclass [IP::remote_addr] equals NOCERT_IP_LIST]} {

SSL::session invalidate

SSL::authenticate always

SSL::authenticate depth 9

SSL::cert mode require

set cmd "SSL::profile /Common/require_clientssl"

eval $cmd

SSL::renegotiate

event disable all

}

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Help with irule for bypassing client authentication certificates by IP

F5 Academy at AppWorld 2026

Aswin MK - November 2025 Featured Member

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

CVE mitigation on F5 XC vs classic F5 WAF

Could not communicate with the system. Try to reload page.

F5 XC 503 upstream_reset_before_response_started{protocol_error}

UCS Encryption Question

BIG-IP VE: 40G Throughput from 4x10G physical NICs

Related Content

Bypass certificate check

Automating Certificate Management on F5 BIG-IP

APM Clientless certificate authentication

BIG-IQ Client Certificate (PKI) Authentication

Bypass Azure Login Page with OAuth login_hint on F5 BIG-IP APM

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS