Forum Discussion
Joseph_White_20
Nimbostratus
NimbostratusTWO-WAY SSL fail with URI redirect
A few years ago we setup two-way SSL, X.509 as our security model for our web applications. All negotiation is handled at the F5. Current date, we have added a new endpoint to our web application that allows Basic Auth. http://example.com/bauth What I"m trying to figure out is this. If the URI contains /bauth, I don't want the two-way SSL to be invoked, I want it to be passed to the web application where it will do the authentication / authorization. If the two-way SSL HAS to be checked, can I perform an action via an irule that says "two way failed, but request has /bauth, so let it through anyway" Thank you in advanced.
If you setup the clientssl profile to request, rather than require the client cert, then you can use an iRule to require the cert for all paths other than /bauth. check out this link (scroll down to the 2nd example) https://devcentral.f5.com/wiki/iRules.ClientCertificateCNChecking.ashx.
Let us know if you need any more help than that.
IheartF5_45022Nacreous
If you setup the clientssl profile to request, rather than require the client cert, then you can use an iRule to require the cert for all paths other than /bauth. check out this link (scroll down to the 2nd example) https://devcentral.f5.com/wiki/iRules.ClientCertificateCNChecking.ashx.
Let us know if you need any more help than that.
Joseph_White_20Exactly what I needed. Thank you