For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

jondyke_46152's avatar
jondyke_46152
Icon for Nimbostratus rankNimbostratus
Jan 24, 2011

pass through client certificate irule

I am currenlty using the irule below for performing SSL passthrough on traffic. Is there any way I could midify this irule so that it only passed through SSL traffic that has a client certificate at...
application delivery
dev
devops
iRules
jondyke_46152's avatar
jondyke_46152
Icon for Nimbostratus rankNimbostratus
Feb 08, 2011
APM would definately sort the issue but there is no budget for this at the moment. The reason we wish to do this is that there is currenlty a project underway where we are creating a new website which will have multiple services. It is desirable to perform offload on this site to allow compression and other irules to be used.

 

 

Having a think about this a bit more would it be possible to do the following:-

 

 

Offload all SSL traffic with a client profile.

 

Check the now un-encrypted traffic to see if a client certificate is actually attached.

 

If there is a client certificate attached re-encrypt the traffic with a server SSL profile and send through to the servers (with the original client certificate included)

 

If no client certificate attached then pass traffic to pool over http

 

 

Thanks again

 

 

Jon