clientCertificate


Matches whether you have configured a client certificate to authenticate requests to edge servers.

OptionTypeDescriptionRequires
enforce​Mtlsenum

Specifies custom request handling depending on the result of checks in the enforce​Mtls​Settings behavior. For example, logging requests when an invalid client certificate is present. Add the enforce​Mtls​Settings behavior to a parent rule, with its own unique match condition and the enable​Deny​Request option disabled.

{"displayType":"enum","options":["FAIL","PASS","IGNORE"],"tag":"select"}
FAIL

Perform the processing when a valid client certificate is not present.

PASS

Perform the processing when a valid client certificate is present.

IGNORE

Ignore the checks performed in the enforce​Mtls​Settings behavior. Perform the processing based on general client certificate attributes specified in the certificate​State field.

certificate​Stateenum

Specifies the status of the certificate.

enforce​Mtls is IGNORE
{"displayType":"enum","options":["MISSING","PRESENT_VALID","PRESENT_INVALID","PRESENT"],"tag":"select"}
{"if":{"attribute":"enforceMtls","op":"eq","value":"IGNORE"}}
MISSING

Perform the processing when a client certificate is not present.

PRESENT_​VALID

Perform the processing when a valid client certificate is present.

PRESENT_​INVALID

Perform the processing when an invalid client certificate is present.

PRESENT

Perform the processing when a client certificate is present, whether or not it is valid.