URI based client SSL authentication

Question

Hi Guys,&nbsp;I need to implement the following:&nbsp;The customer runs a bunch of applications on the same virtual server, differenciated by the URI, as follows:&nbsp;&nbsp;&nbsp;https://customer.net/app1/&nbsp;https://customer.net/app2/
&nbsp;https://customer.net/app3/
&nbsp;&nbsp;&nbsp;Now, the customer wants to ensure that access to app1 and app2 is publically available, but access to app3 is restricted to a single client IP address (easy) and calls for client authentication via SSL certificate (difficult). &nbsp;I suppose I'm running into some kind of hen/egg problem here, needing to complete the SSL handshake before being able to decrypt the URI... Any idea how to solve this?&nbsp;I thought about dynamically changing the SSL profile when the URI /app3/ is being called and then force the client to re-connect. How would I put that into iRule code? &nbsp;Many thanks in advance!&nbsp;&nbsp;&nbsp;Greetings&nbsp;Martin&nbsp;&nbsp;

nitass · Answer

is this applicable? 
&nbsp;  
&nbsp; Selective Client Cert Authentication by Colin 
&nbsp; http://devcentral.f5.com/Tutorials/TechTips/tabid/63/articleType/ArticleView/articleId/219/Selective-Client-Cert-Authentication.aspx

Forum Discussion

URI based client SSL authentication

1 Reply

Recent Discussions

Open Redirection Mitigation

F5Access | MacOS Sonoma

enable tls1.2 on management interface on F5 ltm running version 10.x

[ASM] - what is "Browser Challenge file" ?

SMS server with BIGIP

Related Content

OWASP Tactical Access Defense Series: Broken Authentication and BIG-IP APM

Pass client cert based on POST data

iRule - jwt is generated prior to authentication

Client Certificate Authentication - Machine or Client cert APM method

Howto enable BIG-IP ASM client fingerprinting