For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Tan_95038's avatar
Tan_95038
Icon for Nimbostratus rankNimbostratus
Oct 09, 2013

irule to select different SSL profiles based on the Client IP address

Hi wondering if anyone can help , I got requirement to enable client authentication on one of the URL, But only apply to one of the client , the rest are still keep using existing profile. so i will ...
application delivery
devops
iRules
Tim_Enos_126618's avatar
Tim_Enos_126618
Icon for Nimbostratus rankNimbostratus
Oct 09, 2013

Yes, which SSL profile is used is determined by the iRule. You don't need to configure a default one, though it doesn't harm anything if you do.

 

For what it's worth, I'm using such an iRule for a purpose similar to yours:

 

when CLIENT_ACCEPTED { if { [class match [IP::client_addr] equals "private_net"] } { SSL::profile A } else { SSL::profile B } }

 

leira_6079's avatar
leira_6079
Icon for Nimbostratus rankNimbostratus
Aug 12, 2015
I realized this was an old post. The profile set in the CLIENT_ACCEPTED event occurred before ssl negotiation happen. I wonder why do you need SSL:renegotiate in the subsequent HTTP_REQUEST event.