Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Forum Discussion

Ryan_Rowe_79249's avatar
Ryan_Rowe_79249
Icon for Nimbostratus rankNimbostratus
Dec 23, 2009

Ip Restrict then client cert check

BigIP 8.3.3 and 8.4.1 (hopefully there is no difference) So here is what I want to do. If an IP is in a datagroup then passthrough but if not then authenticate with an SSL cert. I t...
application delivery
dev
devops
irules
Ryan_Rowe_79249's avatar
Ryan_Rowe_79249
Icon for Nimbostratus rankNimbostratus
Dec 29, 2009
So this is what I did and it seems not to work...both profiles work but not the Irule.

 

 

when CLIENT_ACCEPTED {  
    if { [matchclass [IP::client_addr] equals $::Test_IPs]} {  
      SSL::profile NoBrowserCert  
    } else {  
      SSL::profile BrowserCert  
    }  
  }  
    
  when HTTP_REQUEST {  
    SSL::renegotiate  
  }

 

 

I got this from http://devcentral.f5.com/wiki/default.aspx/iRules/SSL__profile.html

 

 

*edit...Fix the code too many brackets. But I have another issue..It continues to use my noBrowserCert when I try and switch.