Client SSL profile based on uri

Question

Hello team,&nbsp;I have two client ssl profile one with client authentication and another without client authentication, can we select these profiles based on uri? F5 OS version 14.1.2&nbsp;I tried with iRule for SSL::cert mode request but the browser not requesting for the certificate.&nbsp;when CLIENTSSL_CLIENTCERT { set ssl_cert [SSL::cert 0] } when HTTP_REQUEST {&nbsp;&nbsp;if { [string tolower [HTTP::uri]] starts_with "/test" }&nbsp;&nbsp;&nbsp;&nbsp;{&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;HTTP::collect&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;SSL::authenticate always&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;SSL::authenticate depth 9&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;SSL::cert mode request&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;SSL::renegotiate&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;HTTP::header insert clientcert "[IP::client_addr]:[TCP::client_port]: cert 0; subject=[X509::subject [SSL::cert 0]];[X509::issuer [SSL::cert 0]]; cert_serial=[X509::serial_number [SSL::cert 0]];"&nbsp;&nbsp;&nbsp;&nbsp;}&nbsp;&nbsp;}

dario_garrido · Answer

Hello VishnuVG.&nbsp;Use require instead of request.&nbsp;This example should suit your requirements.REF - https://clouddocs.f5.com/api/irules/SSL__renegotiate.html&nbsp;Regards,Dario.

Forum Discussion

Client SSL profile based on uri

1 Reply

Recent Discussions

import live updates from version x to version y

Tenant image upgrade

iRule editor partition button does not work

F5Access | MacOS Sonoma

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

Related Content

iRule based RADIUS Client Stack

Client SSL Profile

Client vs Server SSL profile

Server Profile SNI

Group based authorization + OAuth 2.0 client setup with APM