Forum Discussion

Altostratus

Jun 04, 2014

Turn off client auth if uri equals

Customers connect to one IP. They connect with an app, not a browser. They use port 5443 to register (obtain a cert we issue) for the service, and port 443 for the actual service. register: https:/...

switch client ssl profiles

turn on client athentication

Kevin_Davies_40

Nacreous

Jun 24, 2014

The problem here is you want to make layer 7 decisions on something that has happened in the past. The SSL connection has already been negotiated. My recommendation is when you make your decision, redirect them to virtual servers which have the SSL setup the way you want it.

when HTTP_REQUEST {
  if {not ([HTTP::uri] eq "/register")} {
    HTTP::redirect "https://[HTTP::host]:4443/"
  }
}

Then on port 4443 setup a virtual server with 2way SSL to the same backend pool.

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

Turn off client auth if uri equals

Recent Discussions

Can you set Kerberos AAA server via session variable?

HTML Code injection Not detected by ASM

What will be happen to live and existing connections when failover HA BIG IP active-standby

SSL Offload and remove FQDN

High CPU utilization (100%).

Related Content

Load not equally distributed for server api calls

exclude HTTP::header value Content-Type] equals "text/xml; charset=utf-8" from SSL redirect

Upgrade APM edge client

F5 BIG-IP and NGINX - Securing Your AWS VPC Lattice Applications for External Clients

All Applications Are NOT Created Equal

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS