SalvaChiLlo commented on issue #10647: URL: https://github.com/apache/apisix/issues/10647#issuecomment-1855175751
If the capacity to by pass mTLS in certain subpaths is possible wouldn't it be possible to have a list of paths that you specifically want mTLS enabled? On Thu, Dec 14, 2023, 05:20 Traky Deng ***@***.***> wrote: > It's probably a no, the reasons being that: > > - X.509 certs are valid for domains or sub-domains and have no > business to do with paths. > - APISIX doesn't offer extra mechanisms (AFAIK?) to to help you > implement this by path. > > We have some docs > <https://docs.api7.ai/apisix/how-to-guide/traffic-management/tls-and-mtls/configure-https-between-client-and-apisix> > around the topic where you'll see the (m)TLS is independent of the specific > path. > > The only thing about mTLS by path/route is #9322 > <https://github.com/apache/apisix/pull/9322> (docs > <https://apisix.apache.org/docs/apisix/3.4/tutorials/client-to-apisix-mtls/#mtls-bypass-based-on-regular-expression-matching-against-uri>), > where you can whitelist a path to BYPASS mTLS. But this is not what you > want. > > — > Reply to this email directly, view it on GitHub > <https://github.com/apache/apisix/issues/10647#issuecomment-1855105047>, > or unsubscribe > <https://github.com/notifications/unsubscribe-auth/AMQFR25MQ4QDTRL653WDI6TYJJ5BBAVCNFSM6AAAAABATA2UVOVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTQNJVGEYDKMBUG4> > . > You are receiving this because you authored the thread.Message ID: > ***@***.***> > -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
