Forum Discussion

Altostratus

Jun 04, 2014

Turn off client auth if uri equals

Customers connect to one IP. They connect with an app, not a browser. They use port 5443 to register (obtain a cert we issue) for the service, and port 443 for the actual service. register: https:/...

switch client ssl profiles

turn on client athentication

Kevin_Stewart

Employee

Jun 27, 2014

Three things:

The HTTP::header insert SSLClientCertSubject string appears to be the biggest issue. Since you're generating the SSL renegotiation in this condition, there's no certificate data yet.
The header scrub/insert stuff shouldn't be killing the connection where they are, but they're not going to do what you'd expect since that condition is causing an SSL renegotiation (which exits the event). At what point are you trying to insert a header?
If you look at the if { [HTTP::uri] starts_with "/register" } section, you still have "pool local-pool-2" assigned, which works in my environment, but not likely in yours.

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

Turn off client auth if uri equals

Recent Discussions

Creating Policy using Terraform

Alert Mail when virtual server down trubleshooting

How to disable RC4 Cipher on SSL

Big-IQ + LetsEncrypt wildcard

DEVICE-0202 Error while adding rSeries as a provider in CM

Related Content

Enhance your Application Security using Client-side signals

Configuring APM Client Side NTLM Authentication

JavaScript Supply Chains, Magecart, and F5 XC Client-Side Defense (Demo)

F5 VPN Client from Raspberry Pi

Hide uri on client side

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS