For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Jason_Witt_4207's avatar
Jason_Witt_4207
Historic F5 Account
Oct 24, 2005

iRule to require SSL Client Certs for a URI

Working on developing a Rule based on the SSL Client Cert for URI in Docs and Tips. We first tried the rule verbatim with the exception of changing the URI to match what they wanted to protect. This...
application delivery
dev
devops
iRules
Jason_Witt_4207's avatar
Jason_Witt_4207
Historic F5 Account
Oct 25, 2005
I tried a bit more on this rule and I get varying results depending on which peer cert mode I start with in the clientssl profile.

 

 

For example if I start with ignore. Setting SSL::cert mode request and then forcing a renegotiation does not cause a prompt for a cert.

 

 

If I start with request, then all requests get prompted for SSL certs as expect, though the desired result is for only a specific URI path to request certs even.

 

 

One question I have is, Does the setting of auto for peer cert mode mean to ignore client certs unless I explictly turn them on in an iRule? The docs are a little unclear there.