Forum Discussion
zamroni777
Nacreous
you can try this guide.
Securing Applications using mTLS Supported by F5 Distributed Cloud
it puts information from the client certificate into http custom header.
so your app server will need modification to read the header.
ab7
Jul 12, 2024Nimbostratus
the query is for Cloud F5 XC WAF
- Nikoolayy1Jul 22, 2024MVP
If you are doing a decryption on the F5 XC HTTP LB the XC WAF will not block you because of an SSL cert. Maybe review better the reason for the issue.
You can bypass the WAF also in service policies with more granularity like source IP , HTTP Header and bgp ASN: