Thanks. Will ip_allow take IPs as input. Is the following a valid example ? sni ip_allow: x.y.z.a verify_client: MODERATE
On Mon, Nov 25, 2019 at 11:59 PM Susan Hinrichs <shinr...@verizonmedia.com> wrote: > You can specialize the client certificate requirements using sni.yaml. So > only request it for specific domain names. There is also an ip_allow > action in sni.yaml (which I see is not documented) which would allow to > control requiring client certificate based on the peer's IP. > > > https://docs.trafficserver.apache.org/en/latest/admin-guide/files/sni.yaml.en.html?highlight=sni%20yaml#std:configfile-sni.yaml > > I'll work on putting up a PR with some documentation on the ip_allow > action. > > Susan > > On Sun, Nov 24, 2019 at 11:09 PM supraja sridhar < > suprajasridha...@gmail.com> wrote: > >> Hello, >> >> I understand that - >> proxy.config.ssl.client.certification_level provides the option to >> enable/disable client certificate verification across all connections. Is >> it possible to skip client certificate verification based on source IP? >> >> >> Thanks, >> Supraja >> > -- Regards, S.SUPRAJA MIT