Forum Discussion

Nimbostratus

Mar 26, 2009

Set ssl to require and pass cert when uri /manual

Hi devcentral I try to write a I-rule that change ignore to require in SSLclient profile. I think Iḿ on the right track, but backend seems to be very slow and ask for cert all the time....

Nimbostratus

Oct 15, 2009

Hi,

The result was that certificate info never reached the backend server (if I rember it right). Problem are solved and I use an I-rule looking something like this.

when CLIENTSSL_CLIENTCERT {

HTTP::release

if { [SSL::cert count] < 1 } {

reject

}

when HTTP_REQUEST {

if { [HTTP::uri] starts_with "/manual" } {

if { [SSL::cert count] <= 0 } {

HTTP::collect

SSL::authenticate always

SSL::authenticate depth 9

SSL::cert mode require

SSL::renegotiate

}

when HTTP_REQUEST_SEND {

clientside {

if { [HTTP::uri] starts_with "/manual" } {

if { [SSL::cert count] > 0 } {

HTTP::header replace X-Client-Cert [b64encode [SSL::cert 0]]

}

Forum Discussion

Set ssl to require and pass cert when uri /manual

Recent Discussions

What happens if I only enable ASM in BIG-IP Under System > Resource Provisioning

What is the meaning is 52% block in WAF

Rundeck ansible F5 errors

rewrite Azure AD response for portal access via web portal

AS3 Monitoring multiple ports selectively

Related Content

[Workaound] User required to manually start EPI and VPN in browsers

Passing Arguments to iCall Scripts

Reminder: MFA now required to log in to DevCentral

DevCentral to Require Multi-Factor Authentication for Account Login from September 26

F5 BIG-IP Sizing Requirement