Also, does sni.yaml exist in ATS 7.1.1? Thanks Supraja
On Tue, Dec 3, 2019 at 9:32 AM supraja sridhar <[email protected]> wrote: > Thanks. Will ip_allow take IPs as input. Is the following a valid example > ? > sni > ip_allow: x.y.z.a > verify_client: MODERATE > > > On Mon, Nov 25, 2019 at 11:59 PM Susan Hinrichs <[email protected]> > wrote: > >> You can specialize the client certificate requirements using sni.yaml. >> So only request it for specific domain names. There is also an ip_allow >> action in sni.yaml (which I see is not documented) which would allow to >> control requiring client certificate based on the peer's IP. >> >> >> https://docs.trafficserver.apache.org/en/latest/admin-guide/files/sni.yaml.en.html?highlight=sni%20yaml#std:configfile-sni.yaml >> >> I'll work on putting up a PR with some documentation on the ip_allow >> action. >> >> Susan >> >> On Sun, Nov 24, 2019 at 11:09 PM supraja sridhar < >> [email protected]> wrote: >> >>> Hello, >>> >>> I understand that - >>> proxy.config.ssl.client.certification_level provides the option to >>> enable/disable client certificate verification across all connections. Is >>> it possible to skip client certificate verification based on source IP? >>> >>> >>> Thanks, >>> Supraja >>> >> > > -- > Regards, > S.SUPRAJA > MIT > -- Regards, S.SUPRAJA MIT
