Virtual Server Routing with Client Cert
Hi,
I have a sort of "catch all" virtual server with no access policy, terminating SSL, and an irule that routes requests to the correct virtual server based on the hostname.
The target virtual servers all have an access policy starting with "On Demand Cert Auth" and then continues through some authentication logic.
The problem I'm running into is that the "On Demand Cert Auth" is being executed but is going straight to deny and never prompting for a certificate. I have it set to "request".
I'm curious if this is even possible or if anyone has tried to implement something like this. The goal being I don't want to setup a separate virtual server and access policies for every site I have, as they would be identical and I would have to maintain each copy of them which would lead to discrepancies.
The catch all irule looks like this:
when HTTP_REQUEST {
switch [HTTP::host] {
"anon1.mysite.com" -
"anon2.mysite.com"
{
log local0. "Sending [HTTP::host] to anonymous"
virtual anonymous
}
"reporting.mysite.com"
{
log local0. "Sending [HTTP::host] to reporting"
virtual reporting
}
default
{
log local0. "Sending [HTTP::host] to kerberos"
virtual kerberos
}
}
}
Thanks!