Forum Discussion
jondyke_46152
Jan 24, 2011Nimbostratus
pass through client certificate irule
I am currenlty using the irule below for performing SSL passthrough on traffic. Is there any way I could midify this irule so that it only passed through SSL traffic that has a client certificate at...
Chris_Miller
Feb 08, 2011Altostratus
Posted By jondyke on 02/08/2011 05:41 AM
APM would definately sort the issue but there is no budget for this at the moment. The reason we wish to do this is that there is currenlty a project underway where we are creating a new website which will have multiple services. It is desirable to perform offload on this site to allow compression and other irules to be used.
Having a think about this a bit more would it be possible to do the following:-
Offload all SSL traffic with a client profile.
Check the now un-encrypted traffic to see if a client certificate is actually attached.
If there is a client certificate attached re-encrypt the traffic with a server SSL profile and send through to the servers (with the original client certificate included)
If no client certificate attached then pass traffic to pool over http
Thanks again
Jon
I can't think of any reason that wouldn't work. Unless others can think of something?
Recent Discussions
Related Content
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects