Mike_P_
Jul 13, 2016

CAC Auth triggered by specific URI via iRule

I am looking for a way to have the BIG-IP perform CAC auth on behalf of a server, but only for a specific URI / page that the user connects to. This is what I have so far, but I am not sure how to tell the F5 which OCSP auth profile to use or even the specific CA file to use. I am trying to avoid having to send anything to the server for processing via header and instead just wish to have the iRule trigger the CAC auth requirement ONLY for a specific page. Any thoughts?

This is what I have so far...

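when HTTP_REQUEST {
  # Only require a client certificate for requests to the CAC-protected URI
  if { [string tolower [HTTP::uri]] contains "/cacauth" } {
    # No client certificate has been presented on this connection yet
    if { [SSL::cert count] <= 0 } {
      # Hold the HTTP request while the SSL session is renegotiated
      HTTP::collect
      SSL::authenticate always
      SSL::authenticate depth 9
      SSL::cert mode require
      SSL::renegotiate
    }
  }
}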

2 Replies

  • By the way... This is for ver 11.5.3 LTM with APM. I have APM profiles and also LTM profiles that already work perfectly with CAC auth and OCSP checking, but I am trying to figure out how to best implement one of those methods via an iRule specific to a page.