HAProxy community

Just request client certificate in a certain content / url

sergioburgos December 10, 2016, 1:33am 1

Hello,

I need when accessing a web, just request client certificate in a certain content / url.

The question is that I used a configuration like this:

When you access:

Use_backend tls_client_certificate if require_client_certificate

It does for all the domain that fulfills the acl require_client_certificate

I need you to just do it for example in:

https://auth.example.com/xxxx/yyy

How would I do this?

What I need in Apache would be like this:

Also, indicate that you take as an example:

Because you need to have multiple https websites, each with its server certificate
, I do not know if it’s the best way … any better?

Thank you so much.

lukastribus December 10, 2016, 10:52am 2

You can’t do this with haproxy.

Haproxy generally can only request the client certificate at the handshake, not in an in-flight TLS session, so when the URI is known, its to late.

I’m aware that Apache supports this, I believe by triggering a renegotiation, but haproxy does not.

Topic		Replies	Views	Activity
Check Certificate in Backend possible Help!	4	1178	June 22, 2017
How to auth with client certificates and not depending on URI Help!	4	1864	May 2, 2018
ACLs with TLS and URL paths Help!	1	449	March 20, 2022
Opportunistic client certificate validation Help!	2	1338	August 17, 2017
Forward http request with client certificate to outside server with mutual ssl validation Help!	0	387	May 2, 2019