For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

faizan123_23330's avatar
faizan123_23330
Icon for Nimbostratus rankNimbostratus
Sep 05, 2016

SSL mutual authentication against the pool

we have configured a HTTPS virtual server on the f5 and we add a proxy pass(i-rule) and client side SSL certificate against that server.   in the i rule we have configured   when HTTP_REQUE...
application delivery
BIG-IP
LTM
Kevin_Stewart's avatar
Kevin_Stewart
Icon for Employee rankEmployee
Sep 05, 2016

The issue here is that you cannot make a layer 6 (SSL) decision based on layer 7 (HTTP) information, simply because you don't have the layer 7 information until you've already made the layer 6 decision. At best you can make a decision based on layer 3 and 4 information (IPs and port) and potentially even layer 6 information (SNI).

 

You could simply force requests to a specific URI to redirect to another VIP that does mutual auth.