clientCertificate


Matches whether you have configured a client certificate to authenticate requests to edge servers.

OptionTypeDescriptionRequires
is‚ÄčCertificate‚ÄčPresentboolean

Executes rule behaviors only if a client certificate authenticates requests.

{"displayType":"boolean","tag":"input","type":"checkbox"}
is‚ÄčCertificate‚ÄčValidenum

Matches whether the certificate is VALID or INVALID. You can also IGNORE the certificate's validity.

is‚ÄčCertificate‚ÄčPresent is true
{"displayType":"enum","options":["VALID","INVALID","IGNORE"],"tag":"select"}
{"if":{"attribute":"isCertificatePresent","op":"eq","value":true}}
VALID

Match when the certificate is valid.

INVALID

Match when the certificate is invalid.

IGNORE

Ignores the certificate's is valid.

enforce‚ÄčMtlsboolean

Specifies custom handling of requests if any of the checks in the enforce‚ÄčMtls‚ÄčSettings behavior fail. Enable this and use with behaviors such as log‚ÄčCustom so that they execute if the check fails. You need to add the enforce‚ÄčMtls‚ÄčSettings behavior to a parent rule, with its own unique match condition and enable‚ÄčDeny‚ÄčRequest option disabled.

{"displayType":"boolean","tag":"input","type":"checkbox"}
{"if":{"op":"and","params":[{"op":"or","params":[{"attribute":"isCertificateValid","op":"eq","value":"VALID"},{"attribute":"isCertificateValid","op":"eq","value":"INVALID"}]},{"attribute":"modulesOnContract","op":"contains","scope":"global","value":"mTLS_client_to_edge"}]}}