Forum Discussion

Nimbostratus

5 years ago

Help with irule for bypassing client authentication certificates by IP

Hello, I'm looking for help with an irule that will bypass the client authentication certificate for a group of ip addresses. Currently we have the client cert auth working with a client ssl profile...

Nimbostratus

5 years ago

Thank you for the response. Your answer helped me end up with the below. The key was that the ssl profile assigned to the VS had to be set to ignore.

when HTTP_REQUEST {

if {[HTTP::uri] starts_with "/uri1" || [HTTP::uri] starts_with "/uri2"} {

if {not [matchclass [IP::remote_addr] equals NOCERT_IP_LIST]} {

SSL::session invalidate

SSL::authenticate always

SSL::authenticate depth 9

SSL::cert mode require

set cmd "SSL::profile /Common/require_clientssl"

eval $cmd

SSL::renegotiate

event disable all

}

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Help with irule for bypassing client authentication certificates by IP

AppWorld Berlin iRules Contest!

F5 AppWorld 2026 Las Vegas - iRules Contest Winners!

Recent Discussions

Changes to DO and AS3 GitHub - no longer monitored

SSL Forward Proxy, iRules and Client Hello

monitor/healthcheck issue with envoy gateway

Recommendation for Adv. Lab

How to Verify config before loading to F5

Related Content

Bypass certificate check

Automating Certificate Management on F5 BIG-IP

APM Clientless certificate authentication

BIG-IQ Client Certificate (PKI) Authentication

Certificate Automation for BIG-IP using CyberArk Certificate Manager, Self-Hosted

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS