Forum Discussion
Rodolphe_AUBINE
Sep 18, 2013 Nimbostratus
How to bypass default two-way SSL authentication on a specific URI pattern on the same virtual server, i.e. same client SSL profile
I have one virtual server which uses a client SSL profile which requires two-way SSL authentication.
By default, a client certificate X509 is required for any URI requested.
I'm looking for a w...
Kevin_Stewart
Sep 18, 2013 Employee
Ultimately you'd want to switch the client SSL profile, or make a setting change based on the URI evaluation, but as Steve states, SSL negotiation happens before HTTP, so it's not really possible. There are alternatives though.
- You can use SSL:: commands in an iRule to trigger a renegotiation and cert request based on request criteria. There's no way to alter the original SSL handshake, but you can cause a renegotiation and change the authentication settings there. The wiki page for SSL::authenticate actually has a good example:
https://devcentral.f5.com/wiki/iRules.SSL__authenticate.ashx
- The Access Policy Manager (APM) module can perform this SSL renegotiation and client certificate request very easily without iRules. APM evaluates authentication at the beginning of the session, so in your case, because you might have users pass from a non-authenticated to an authenticated URI during the session, you'd still need an iRule to trigger access policy renegotiation.
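The renegotiation approach described in the answer above, sketched as an iRule. This is an added example, not code from the thread or from F5's wiki page; it is written fail-closed, so every URI demands a client certificate except one explicitly exempted prefix. Assumptions: the client SSL profile has Client Certificate set to "ignore" with renegotiation enabled, and `/public/` is a hypothetical exempt prefix.

```tcl
# Added example (not from the thread). "/public/" is a hypothetical prefix
# for the URIs that should be reachable without a client certificate.

when CLIENT_ACCEPTED {
    # Connection-scoped flag: 1 while a request is held for renegotiation.
    set reneg_pending 0
}

when HTTP_REQUEST {
    # Exempt only the explicit prefix. The trailing slash keeps paths such
    # as "/publicity" from matching by accident.
    if { [string tolower [HTTP::path]] starts_with "/public/" } {
        return
    }

    # Default: a client certificate must be present on this TLS session.
    if { [SSL::cert count] == 0 } {
        set reneg_pending 1
        HTTP::collect               ;# hold the request until the cert arrives
        SSL::authenticate always    ;# request a cert on the next handshake
        SSL::authenticate depth 9
        SSL::cert mode require      ;# fail the handshake if none is sent
        SSL::renegotiate
    }
}

when CLIENTSSL_CLIENTCERT {
    # Only act on the renegotiation this iRule started.
    if { !$reneg_pending } {
        return
    }
    set reneg_pending 0

    # Reject if no certificate was sent or chain validation failed
    # (SSL::verify_result returns 0 when verification succeeded).
    if { [SSL::cert count] < 1 || [SSL::verify_result] != 0 } {
        reject
        return
    }

    # Certificate accepted: let the held request continue.
    HTTP::release
}
```

TLS 1.3 has no renegotiation, so this pattern applies only to connections negotiated at TLS 1.2 or earlier.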