Doing mTLS Authentication per URL

A customer asked if F5 supports mTLS Authentication per URL because some firewall vendors do not support this use case. At first, I thought it seems not possible because mTLS works at the lower OSI l...

Published Dec 05, 2022

Version 1.0

application delivery

Security

joko_yuliantoro

Employee

Joined July 15, 2019

View Profile

iamsajjad

Cirrus

Jun 27, 2023

First add a client SSL profile with client authentication none; but, CA bundle added.

Trick is to add few lines in HTTP_REQUEST in the iRule if uri matches certain pattern that will change authenticatio mode to required and SSL connection will be forced to renogotiate

Checkout few helpful articles:

https://community.f5.com/t5/technical-articles/selective-client-cert-authentication/ta-p/275555

https://community.f5.com/t5/technical-forum/client-authentication-with-certificate-on-one-uri-only/m-p/303435#M262827

Hope these help

Doing mTLS Authentication per URL

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS