Thanks. Will ip_allow take IPs as input. Is the following a valid example ?
sni
ip_allow: x.y.z.a
verify_client: MODERATE
On Mon, Nov 25, 2019 at 11:59 PM Susan Hinrichs <[email protected]>
wrote:
> You can specialize the client certificate requirements using sni.yaml. So
> only request it for specific domain names. There is also an ip_allow
> action in sni.yaml (which I see is not documented) which would allow to
> control requiring client certificate based on the peer's IP.
>
>
> https://docs.trafficserver.apache.org/en/latest/admin-guide/files/sni.yaml.en.html?highlight=sni%20yaml#std:configfile-sni.yaml
>
> I'll work on putting up a PR with some documentation on the ip_allow
> action.
>
> Susan
>
> On Sun, Nov 24, 2019 at 11:09 PM supraja sridhar <
> [email protected]> wrote:
>
>> Hello,
>>
>> I understand that -
>> proxy.config.ssl.client.certification_level provides the option to
>> enable/disable client certificate verification across all connections. Is
>> it possible to skip client certificate verification based on source IP?
>>
>>
>> Thanks,
>> Supraja
>>
>
--
Regards,
S.SUPRAJA
MIT
