Mr_Moody
Sep 22, 2020 | Nimbostratus
Help with irule for bypassing client authentication certificates by IP
Hello, I'm looking for help with an iRule that will bypass the client authentication certificate for a group of IP addresses. Currently we have the client cert auth working with a client SSL profile in LTM set to require client authentication. We would like to allow certain IP addresses access to the site without client certificates.
I assume that I would need to change the SSL profile to 'request' client auth and create an iRule to handle things from there. I think the logic should be something to the effect:
if ip is in data group list of IP addresses->allow access without cert
request client certificate->if valid cert presented->allow access
If no cert and not on list->deny access
Any help would be appreciated.
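
The logic outlined in the post, written as an iRule. This is an added example, not part of the original post. It assumes an HTTP virtual server, a client SSL profile set to 'request', and an address-type data group with the hypothetical name `cert_bypass_ips`.

```tcl
# Added example. Assumptions: client SSL profile uses "request" for client
# certificates, and cert_bypass_ips (hypothetical name) is an address-type
# data group holding the exempt hosts and subnets.

when CLIENT_ACCEPTED {
    # Evaluate the exemption once per connection. class match returns 1
    # when the source address falls inside any entry of the data group.
    set cert_exempt [class match [IP::client_addr] equals cert_bypass_ips]
}

when HTTP_REQUEST {
    # Case 1: source address is on the list, allow without a certificate.
    if { $cert_exempt } {
        return
    }

    # Case 2: a certificate was presented and it verified cleanly.
    # With "request" the handshake completes even when no certificate is
    # sent, so both conditions have to be checked here. A verify result
    # of 0 means the chain validated against the profile's trusted CAs.
    if { [SSL::cert count] > 0 && [SSL::verify_result] == 0 } {
        return
    }

    # Case 3: no valid certificate and not on the list, deny.
    log local0. "Denied [IP::client_addr]: no valid client certificate and not in cert_bypass_ips"
    HTTP::respond 403 content "A valid client certificate is required." "Content-Type" "text/plain"
}
```

`IP::client_addr` is the address BIG-IP sees on the connection, so clients arriving through a NAT or upstream proxy are matched on that device's address, and every host behind an exempt address inherits the exemption. Keep the data group as narrow as possible and review the denial log entries after the profile is switched from 'require' to 'request'.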