Forum Discussion

Altostratus

Jun 04, 2014

Turn off client auth if uri equals

Customers connect to one IP. They connect with an app, not a browser. They use port 5443 to register (obtain a cert we issue) for the service, and port 443 for the actual service. register: https:/...

switch client ssl profiles

turn on client athentication

Kevin_Davies_40

Nacreous

Just brainstorming here.... you will have to use a less secure profile until they come in then change the profile and force a SSL::renegotiate if they are not using /register. Something like...

when HTTP_REQUEST {
  if {!([HTTP::uri] eq "/register")} {
    SSL::profile ssl_2way
    SSL::renegotiate
  }
}

But this will make normal connections take longer to establish as a result because its a two step process for them instead of one.

Kevin_Davies_40

Nacreous

Jun 17, 2014

This assumes your application is sending HTTP traffic.

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

Turn off client auth if uri equals

Recent Discussions

Creating Policy using Terraform

Alert Mail when virtual server down trubleshooting

How to disable RC4 Cipher on SSL

Big-IQ + LetsEncrypt wildcard

DEVICE-0202 Error while adding rSeries as a provider in CM

Related Content

Enhance your Application Security using Client-side signals

Configuring APM Client Side NTLM Authentication

JavaScript Supply Chains, Magecart, and F5 XC Client-Side Defense (Demo)

F5 VPN Client from Raspberry Pi

Hide uri on client side

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS