How to rewrite before client certificate requirement?

Topics: User Forum
Mar 31, 2011 at 3:29 PM

Hi.

I have the need to do the following:

My web site is SSL enabled and is setup to require a client certificate. If a request comes in from a specific IP address, I want to redirect to another web site that doesn't require a client certificate.

However, it seems that the client certificate requirement kicks in before iirf, so it asks for a client certificate before the rewrite rule is applied.

Is there any way of applying a iirf rewrite rule before the client certificate requirement check?

/M

Coordinator
Apr 2, 2011 at 2:26 PM

I don't think there is a way to do what you want - involve IIRF before the client cert negotiation.  But I'll have to check into that, to be sure.

Apr 11, 2011 at 1:16 AM

I'm in the same boat.  I don't want the client certificate check or really ANY https authentication performed prior to redirecting to the real site actually configured to handle it.

Magnus, the only way I've seen your request handled is to funnel everything through the NON Client cert required site first.  Send all traffic to the one with forms or basic authentication, and on that site, check the IP and redirect those not from the suspect IP address to the client cert site.  Of course, this ends up being a major business rules change.  So we are right back to square one. :)