Forum Discussion
akagik_172959
Nimbostratus
Oct 07, 2014
iRule for SSL certificate based on URL(path)
Hello everyone, I need to know whether it is possible to switch to using a client SSL certificate or not for the same virtual IP based on URL (path) and then load balance them to two different pools.
I read...
xin_li_90490
Nimbostratus
May 23, 2017
You can refer to this.
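when CLIENT_ACCEPTED {
    # Connection-scoped flags used by the events below
    set collected 0
    set protected 0
}
when HTTP_REQUEST {
    # Reset per request so a flag set by an earlier request on the same
    # keep-alive connection does not carry over to this one
    set collected 0
    set protected 0
    if { [HTTP::uri] contains "/2" } {
        set protected 1
        log local0. "Protected URI requested: [HTTP::uri]"
        # Hold the request while the TLS session is renegotiated
        set collected 1
        HTTP::collect
        # Ask for a client certificate during the renegotiation
        SSL::authenticate once
        SSL::authenticate depth 9
        SSL::cert mode request
        SSL::renegotiate
    }
}
when CLIENTSSL_CLIENTCERT {
    # Renegotiation has finished: let the held request continue
    if { $collected eq 1 } {
        log local0. "HTTP release"
        HTTP::release
    }
    if { $protected eq 1 } {
        if { [SSL::cert count] < 1 } {
            log local0. "No Certificate Provided for Protected URI"
        } else {
            log local0. "Protected URI is accessed with client cert"
        }
    }
}
when HTTP_REQUEST_SEND {
    clientside {
        if { $protected eq 1 } {
            if { [SSL::cert count] > 0 } {
                # Pass the PEM certificate to the pool member, base64-encoded
                HTTP::header insert X-Client-Cert [b64encode [X509::whole [SSL::cert 0]]]
                log local0. "cert=[X509::whole [SSL::cert 0]]"
            } else {
                # No certificate: send the request to the error page instead
                HTTP::uri "/certError.html"
            }
        }
    }
}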
With a default configuration in the client authentication area of the client SSL profile, and using your default pool.
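A hardened variant of the iRule above, added here as an example and not the poster's or F5's code: it strips any client-supplied X-Client-Cert header, matches on the path rather than the whole URI, checks the verification result before forwarding the certificate, and picks a pool per path as the question asks. The pool names pool_protected and pool_public are hypothetical; the "/2" prefix and /certError.html come from the post.

```tcl
# Added example. pool_protected and pool_public are assumed pool names.
when CLIENT_ACCEPTED {
    set collected 0
    set protected 0
}
when HTTP_REQUEST {
    # Flags are per request; stale values would leak across keep-alive requests.
    set collected 0
    set protected 0
    # The backend trusts this header, so never accept a copy sent by the client.
    HTTP::header remove X-Client-Cert
    # Match the path component only, so "/2" inside a query string does not count.
    if { [HTTP::path] starts_with "/2" } {
        set protected 1
        pool pool_protected
        if { [SSL::cert count] < 1 } {
            # Hold the request until the renegotiated handshake has asked for a cert.
            set collected 1
            HTTP::collect
            SSL::authenticate once
            SSL::authenticate depth 9
            SSL::cert mode request
            SSL::renegotiate
        }
    } else {
        pool pool_public
    }
}
when CLIENTSSL_CLIENTCERT {
    if { $collected == 1 } {
        set collected 0
        HTTP::release
    }
}
when HTTP_REQUEST_SEND {
    clientside {
        if { $protected == 1 } {
            # "request" mode lets the handshake finish even when verification
            # fails, so require a certificate AND a verify result of 0 (OK).
            if { [SSL::cert count] > 0 && [SSL::verify_result] == 0 } {
                HTTP::header insert X-Client-Cert [b64encode [X509::whole [SSL::cert 0]]]
            } else {
                log local0. "Protected path without a valid client cert: [HTTP::path]"
                HTTP::uri "/certError.html"
            }
        }
    }
}
```

The pool members should accept X-Client-Cert only on connections coming from the BIG-IP, since the header is ordinary request data to anything that can reach them directly.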