Forum Discussion

Nimbostratus

Dec 23, 2009

Ip Restrict then client cert check

BigIP 8.3.3 and 8.4.1 (hopefully there is no difference) So here is what I want to do. If an IP is in a datagroup then passthrough but if not then authenticate with an SSL cert. I t...

Cirrostratus

Dec 29, 2009

If you want to use this simple iRule and two client SSL profiles, you'll need to set one profile to require a client cert in order to prevent a client without a client cert from accessing the pool. I'd suggest testing the client cert profile further without the iRule. Once you get that working, then you can test the iRule and both profiles.

If you'd like help testing the client cert profile issue, can you post an anonymized copy of the clientssl profile using 'b profile clientssl PROFILE_NAME list'?

Thanks,

Aaron

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Ip Restrict then client cert check

F5 Academy at AppWorld 2026

Aswin MK - November 2025 Featured Member

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

F5 XC 503 upstream_reset_before_response_started{protocol_error}

CVE mitigation on F5 XC vs classic F5 WAF

F5 mssql health monitor failing

Could not communicate with the system. Try to reload page.

UCS Encryption Question

Related Content

BIG-IP security hardening and compliance checks

Office 365 Tenant Restrictions

Restricting Access to Virtual from client IP address in X-Forwarder-For HTTP header

APM Policy with Restrict to single client IP

SSL Orchestrator Advanced Use Cases: Enabling GCloud Organization Restrictions

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS