Baptiste schreef op 08/01/14 11:49:
Hi Remy,you can enable both HTTP and HTTPs in the frontend and then use ACLs to force traffic to move to HTTP or HTTPs based on the client side connection type and URL.: http-request redirect scheme https if !{ ssl_fc } { path_beg -i /admin } http-request redirect scheme http if { ssl_fc } !{ path_beg -i /admin } Baptiste On Wed, Jan 8, 2014 at 9:02 AM, Remy van Elst <[email protected]> wrote:Howdy, I've not yet received a response on my earlier email, sending it again. -------- Origineel bericht -------- Onderwerp: client side ssl certificates for specific location Datum: Wed, 18 Dec 2013 20:09:32 +0100 Van: Remy van Elst <[email protected]> Aan: [email protected] Hello, I want to enable client side ssl for a specific URL only. My web app admin lives at https://example.org/admin and I want only the /admin part require a client certificate. In Apache I would do it with a <Location /admin> block. In haproxy I am able to require a certificate for the entire frontend, but not for part of the frontend. (For example, |§acl req_cert path_beg /admin|- and maybe something like client-cert if req_cert). On IRC I was told this is not possible currently: "[16:30:12] meineerde: Raymii: this isn't possible right now as the ssl handling is fully done before any higher-layer stuff (i.e. http) is handled". If it's possible, I'd like to do a feature request? Sincerely, Remy van Elst https://raymii.org
Hello Baptiste,The traffic is https only, I don't want to redirect from http to https. It is specific for a client side ssl certificate. The website now asks for a certificate for the entire site, it should only ask the user for a certificate when they visit the /admin url.
smime.p7s
Description: S/MIME-cryptografische ondertekening
