URI based client SSL authentication
I need to implement the following:
The customer runs a bunch of applications on the same virtual server, differenciated by the URI, as follows:
Now, the customer wants to ensure that access to app1 and app2 is publically available, but access to app3 is restricted to a single client IP address (easy) and calls for client authentication via SSL certificate (difficult).
I suppose I'm running into some kind of hen/egg problem here, needing to complete the SSL handshake before being able to decrypt the URI... Any idea how to solve this?
I thought about dynamically changing the SSL profile when the URI /app3/ is being called and then force the client to re-connect. How would I put that into iRule code?
Many thanks in advance!