Just request client certificate in a certain content / url


#1

Hello,

I need, when accessing a website, to request a client certificate only for a certain content / URL.

The question is that I used a configuration like this:

When you access:

use_backend tls_client_certificate if require_client_certificate

It does it for the whole domain that fulfills the acl require_client_certificate

I need it to do it only in, for example:

https://auth.example.com/xxxx/yyy

How would I do this?

What I need in Apache would be like this:

Also, indicate that you take as an example:

Because you need to have multiple https websites, each with its server certificate, I do not know if it’s the best way … any better?

Thank you so much.


#2

You can’t do this with haproxy.

Haproxy generally can only request the client certificate at the handshake, not in an in-flight TLS session, so when the URI is known, it’s too late.

I’m aware that Apache supports this, I believe by triggering a renegotiation, but haproxy does not.
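
Since the certificate can only be requested at the handshake, one common arrangement is to request it optionally on the bind line and enforce it per URL afterwards. The fragment below is an added example, not configuration posted by anyone in this thread; the file paths, the frontend name and the `web_default` backend are assumptions, while `tls_client_certificate` and the host/path are taken from the question.

```haproxy
frontend https_in
    mode http

    # "verify optional": every handshake on this bind asks for a client
    # certificate, but a client that sends none is still accepted.
    # A certificate that fails validation against ca-file aborts the handshake.
    # "crt" pointing at a directory lets HAProxy choose the server certificate
    # by SNI, one PEM file per website (assumed path).
    bind :443 ssl crt /etc/haproxy/certs/ ca-file /etc/haproxy/client-ca.pem verify optional

    acl host_auth      hdr(host) -i auth.example.com
    acl protected_path path_beg /xxxx/yyy

    # ssl_c_used is true when the TLS session carries a client certificate
    # (also on resumed sessions). Enforce it only for the protected URL.
    http-request deny deny_status 403 if host_auth protected_path !{ ssl_c_used }

    use_backend tls_client_certificate if host_auth protected_path
    default_backend web_default
```

The trade-off is that the certificate request is sent to every client on this bind, so browsers holding a matching certificate may show a selection prompt on all sites served from it, not only on the protected URL.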