GuideReference
TrainingSupportCommunity
Reference

client_​certificate

  • Property Manager name: Client certificate
  • Criteria version: The v2024-05-31 rule format supports the client_​certificate criteria v1.2.
  • Rule format status: GA, stable
  • Access: Read/Write
  • Allowed in includes: Yes

Matches whether you have configured a client certificate to authenticate requests to edge servers.

OptionTypeDescriptionRequires
is_​certificate_​presentboolean

Executes rule behaviors only if a client certificate authenticates requests.

{"displayType":"boolean","tag":"input","type":"checkbox"}
is_​certificate_​validenum

Matches whether the certificate is VALID or INVALID. You can also IGNORE the certificate's validity.

is_​certificate_​present is true
{"displayType":"enum","options":["VALID","INVALID","IGNORE"],"tag":"select"}
{"if":{"attribute":"isCertificatePresent","op":"eq","value":true}}
VALID

Match when the certificate is valid.

INVALID

Match when the certificate is invalid.

IGNORE

Ignores the certificate's is valid.

enforce_​mtlsboolean

Specifies custom handling of requests if any of the checks in the enforce_​mtls​_settings behavior fail. Enable this and use with behaviors such as log​_custom so that they execute if the check fails. You need to add the enforce_​mtls​_settings behavior to a parent rule, with its own unique match condition and enable​Deny​Request option disabled.

{"displayType":"boolean","tag":"input","type":"checkbox"}
{"if":{"op":"and","params":[{"op":"or","params":[{"attribute":"isCertificateValid","op":"eq","value":"VALID"},{"attribute":"isCertificateValid","op":"eq","value":"INVALID"}]},{"attribute":"modulesOnContract","op":"contains","scope":"global","value":"mTLS_client_to_edge"}]}}