Hi Aaron,
Thanks for you reply, yes i am referring to client SSL certtificates, I am autheticating my clients with "require" option in SSL profile, module am using is ACA bundled with ASM, i did exactly what you are suggesting, that's to redirect if client does not present cert, however i was unable to use commands like redirect or respond under CLIENTSSL_CLIENTCERT event, so i created another event in same rule HTTP_REQUEST to pass on the global variable and use it to redirect, it doesn't work with Require option, probably cozz this option drops the connection itself, and not going to HTTP_REQUEST stage, though it worked with Request option, now i am just trying to think if it poses any risks !!! Any suggestions !!!
Cheers !
Prashant