Forum Discussion

GPOPS_375894's avatar
GPOPS_375894
Icon for Nimbostratus rankNimbostratus
Feb 14, 2019

Client Authentication - REQUEST

Can someone provide more detailed information around the workings of the F5 when client authentication is on and set to REQUEST. I am struggling with the use of that setting. We are trying to use the F5 to process the cert that one of our four vendors is insisting on using while allowing our other three to remain as they are today not needing a cert. We thought perhaps the REQUEST setting would be useful for that but cannot confirm that they cert is actually being processed by the F5 or is it just allowing the connectivity by default per the language I found in some of the available information on DEV Central. Any guidance wold be appreciated.

 

application delivery
ASM Advanced WAF
iRules
LTM
security

1 Reply

Sort By
  • P_K's avatar
    P_K
    Icon for Altostratus rankAltostratus
    Feb 14, 2019

    See this article https://support.f5.com/csp/article/K14783

     

    [Below content copied from above article]

     

    The Request setting is often used in conjunction with iRules to provide selective access depending on the certificate presented.

     

    For example, this option is useful if you want to allow clients who present a certificate from the configured trusted CA to gain access to the application, while redirecting clients who do not provide the required certificate are to a page that details the access requirements.

     

    However, if you are not using iRules to enforce a different outcome, depending on the certificate details, there is no functional benefit to using the Request setting instead of the default Ignore setting. In both cases, the system establishes an SSL session, regardless of the certificate presented, and it proxies the connection to the default pool.

     

    Hope this helps!