TWO-WAY SSL fail with URI redirect

Question

A few years ago we setup two-way SSL, X.509 as our security model for our web applications. All negotiation is handled at the F5. Current date, we have added a new endpoint to our web application that allows Basic Auth. http://example.com/bauth
What I"m trying to figure out is this. 
If the URI contains /bauth, I don't want the two-way SSL to be invoked, I want it to be passed to the web application where it will do the authentication / authorization. 
If the two-way SSL HAS to be checked, can I perform an action via an irule that says "two way failed, but request has /bauth, so let it through anyway"
Thank you in advanced. &nbsp;

iheartf5_45022 · Accepted Answer

If you setup the clientssl profile to request,  rather than require the client cert,  then you can use an iRule to require the cert for all paths other than /bauth.  check out this link (scroll down to the 2nd example) https://devcentral.f5.com/wiki/iRules.ClientCertificateCNChecking.ashx.&nbsp;
Let us know if you need any more help than that.&nbsp;

joseph_white_20 · Answer

Exactly what I needed. Thank you

Forum Discussion

TWO-WAY SSL fail with URI redirect

2 Replies

Recent Discussions

Import PKCS 12 SSL to Device Certificate via API/Script or CLI on BIG-IP

Help with URL Masking

F5 iRule to replace host to path

Chrome V 124+ on MacOS - Virtual Server Access Issue

F5 Rseries R2600 Tenant sizing

Related Content

irule uri traffic redirection failing

URI host header redirect failing

Anchor Link Redirect

HTTP error 503, DNS lookup failed

Re activate license failed