Turn off client auth if uri equals

Try this (minor update):

when CLIENTSSL_CLIENTCERT {
    if { [SSL::cert count] < 1 } {
         if the client did not present a certificate - fail
        reject
    } else {
         do something with the cert here
    }
    HTTP::release
}
when CLIENT_ACCEPTED {
    set default_pool [LB::server pool]
}
when HTTP_REQUEST {
     non-registration URI space requested and F5AUTH cookie does not exist - prompt for client certificate
    if { not ( [HTTP::uri] equals "/favicon.ico" ) and not ( [HTTP::uri] starts_with "/register" ) and not ( [HTTP::cookie exists F5AUTH] ) } { 
         invalidate SSL and renegotiate
        HTTP::collect
        SSL::session invalidate
        SSL::authenticate always
        SSL::authenticate depth 9
        SSL::cert mode require
        SSL::renegotiate
    } elseif { [HTTP::cookie exists F5AUTH] } {
         F5AUTH cookie exists - send HTTP header data
        if { [table lookup -subtable CERTDATA [HTTP::cookie value F5AUTH]] ne "" } {
            HTTP::header replace X-CLIENT-CERT [table lookup -subtable CERTDATA [HTTP::cookie value F5AUTH]] 
        }
    }

    if { [HTTP::uri] starts_with "/register" } {
        pool local-pool-2
    } else {
        pool $default_pool
    }
}
when HTTP_REQUEST_SEND {    
    clientside {
        if { ( [SSL::cert count] > 0 ) and not ( [HTTP::cookie exists F5AUTH] ) } {
             generate a GUID
            set uniqueid "_[string range [AES::key 256] 34 end]"

             add cert to local session table
            table add -subtable CERTDATA $uniqueid [X509::subject [SSL::cert 0]]
        }
    }
}
when HTTP_RESPONSE {
     if the uniqueid variable is set - send the F5AUTH cookie to client
    if { [info exists uniqueid] } {
        HTTP::header insert "Set-Cookie" "F5AUTH=$uniqueid; path=/; secure; HTTPOnly"
        unset uniqueid
    }
}