Mike_P_
Jul 13, 2016 · Nimbostratus
CAC Auth triggered by specific URI via iRule
I am looking for a way to have the BIG-IP perform CAC auth on behalf of a server, but only for a specific URI / page that the user connects to. This is what I have so far, but I am not sure how to tell the F5 which OCSP auth profile to use or even the specific CA file to use. I am trying to avoid having to send anything to the server for processing via header and instead just wish to have the iRule trigger the CAC auth requirement ONLY for a specific page. Any thoughts?
This is what I have so far...
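    when HTTP_REQUEST {
        # Only requests whose URI contains /cacauth trigger client-certificate auth
        if { [string tolower [HTTP::uri]] contains "/cacauth" } {
            # No client certificate has been presented on this connection yet
            if { [SSL::cert count] <= 0 } {
                # Collect the request while the TLS session is renegotiated
                HTTP::collect
                # Request a client certificate on every handshake, validate chains up to depth 9
                SSL::authenticate always
                SSL::authenticate depth 9
                # Require a client certificate, then start the renegotiation
                SSL::cert mode require
                SSL::renegotiate
            }
        }
    }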