Forum Discussion

Nimbostratus

Jul 07, 2006

need a rule to force client certs

I am in an odd dilema. I need to write an iRule to do the same thing as 'require' setting does for client certs. Problem exists, because I need to require client certs by regulation, and one of th...

Nimbostratus

Jul 10, 2006

Thanks, that did get me started. Now I have this:

when HTTP_REQUEST {
if {[HTTP::uri] starts_with "/ASITE/" }
{HTTP::collect [HTTP::header Content-Length]
SSL::cert mode require
SSL::renegotiate}
else
{SSL::cert mode request
}
}

but it doesn't work.

Originally I had an HTTP::release after the SSL::cert mode request in the else statement, but I don't know what that's supposed to do.

On the server side, I've got the Apache set up, that when a call to /ASITE/ comes in, it redirects to the real site URI, so I figured, at that point it would only request the client cert, and not require it.

Thoughts?

Tom

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

need a rule to force client certs

Jonathan - March 2026 Featured Member

F5 AppWorld 2026 Las Vegas - iRules Contest Winners!

2026 F5 DevCentral MVP Announcement

Recent Discussions

T4 and ALL tenant images

Unable to Forward APM and AFM Logs to AWS CloudWatch Using Telemetry Streaming

Managing iRules configuration

CPU load when Prometheus is scraping metrics from F5 BIG-IP LTM

[ASM] - How to disable the SQL injection attack signatures

Related Content

Selective Client Cert Authentication

Extend visibility - BIG-IP joins forces with CrowdStrike

Client Cert Request by URI with OCSP Checking

Client Cert Fingerprint Matching via iRules

Request client cert auth based on URL

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS