clientCertificate


Matches whether you have configured a client certificate to authenticate requests to edge servers.

OptionTypeDescriptionRequires
isā€‹Certificateā€‹Presentboolean

Executes rule behaviors only if a client certificate authenticates requests.

{"displayType":"boolean","tag":"input","type":"checkbox"}
isā€‹Certificateā€‹Validenum

Matches whether the certificate is VALID or INVALID. You can also IGNORE the certificate's validity.

isā€‹Certificateā€‹Present is true
{"displayType":"enum","options":["VALID","INVALID","IGNORE"],"tag":"select"}
{"if":{"attribute":"isCertificatePresent","op":"eq","value":true}}
VALID

Match when the certificate is valid.

INVALID

Match when the certificate is invalid.

IGNORE

Ignores the certificate's is valid.

enforceā€‹Mtlsboolean

Specifies custom handling of requests if any of the checks in the enforceā€‹Mtlsā€‹Settings behavior fail. Enable this and use with behaviors such as logā€‹Custom so that they execute if the check fails. You need to add the enforceā€‹Mtlsā€‹Settings behavior to a parent rule, with its own unique match condition and enableā€‹Denyā€‹Request option disabled.

{"displayType":"boolean","tag":"input","type":"checkbox"}
{"if":{"op":"and","params":[{"op":"or","params":[{"attribute":"isCertificateValid","op":"eq","value":"VALID"},{"attribute":"isCertificateValid","op":"eq","value":"INVALID"}]},{"attribute":"modulesOnContract","op":"contains","scope":"global","value":"mTLS_client_to_edge"}]}}