For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Andreia's avatar
Andreia
Icon for Cirrus rankCirrus
Feb 13, 2023

NGINX vs. iRule - Client certificate validation based on URI and other things

Hi everyone! I need help to "translate" an NGINX configuration to an iRule: If the request is /auth, there is no client certificate validation, but the request is redirected to https://api-dev.acme...
devops
Leslie_Hubertus's avatar
Leslie_Hubertus
Ret. Employee
Feb 28, 2023

Hey Andreia  - were you able to figure it out? I've sent this thread to a colleague to see if they can offer some help.

  • Andreia's avatar
    Andreia
    Icon for Cirrus rankCirrus
    Feb 28, 2023

    Ih, Leslie_Hubertus.

    I have read every possible article on the subject, but I have not been able to solve it.

    I quote the NGINX code because there it is very simple to do "If URI /auth, then validates the client's certificate, any other URI does not."

    In BIG-IP it is being a bad experience. Enriching, but bad.

    The iRule works, but I have a problem with the list of client certificates. Because I need to validate ANY client certificate data. And not just DNs, or Issuers, or serial, etc. that I can put in a list or datagroup.
    I need to read the "Trusted Certificate Authorities" in the SSL Client Profile, but through an IRule. It is possible?

    Thank you!