Imperva Cyber Community

  • 1.  mTLS Authorization

    Posted 21 days ago

    Hi, 
    Is it possible to define WAF rules based on the mTLS connection? For example, can I restrict access so that CN=xxx is blocked, while CN=yyy is allowed to access the application? Currently, mTLS only performs certificate validation, and Client Authentication Rules determine which certificate details are forwarded to the backend server.

    Regards,
    Renaz


    #On-PremisesWAF(formerlySecuresphere)

    ------------------------------
    Renaz Pirhan
    ------------------------------


  • 2.  RE: mTLS Authorization

    Posted 3 days ago
    Edited by Caleb Larson 3 days ago

    Additionally, is it possible to assign certain client certs to certain endpoints? I think I read that is not possible, but that would be a nice feature to have, as we are unable to roll out mTLS without fine-grained cert validation.



    ------------------------------
    Caleb Larson
    ------------------------------



  • 3.  RE: mTLS Authorization

    Posted 9 hours ago

    Hi @Renaz Pirhan and @Caleb Larson,

    I checked internally on this and one of our Global Support Architects came back to say the following:

    No. OnPrem WAF only validates the certificate and forwards the data in the HTTP request to the server. The server is then responsible for the rest.

    Caleb - Thanks for your feedback - I will share it with the product team.

    Thanks,
    Sarah



    ------------------------------
    Sarah Lamont
    Digital Community Manager
    ------------------------------
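
What "the server is then responsible for the rest" can look like on the backend, as an added example that is not part of the thread and not Imperva code: the application enforces the CN allow/block decision and the per-endpoint certificate mapping on the subject the WAF forwards. The header name, WAF address, CNs and paths are assumptions; use whatever your Client Authentication Rules actually forward.

```python
import re

# Assumptions (not from the thread): header name, WAF address, CNs and paths.
CERT_SUBJECT_HEADER = "X-Client-Cert-Subject"  # hypothetical header set by the WAF
TRUSTED_WAF_ADDRS = {"10.0.0.5"}               # constructed WAF gateway address
BLOCKED_CNS = {"xxx"}
# CNs allowed per endpoint prefix; the longest matching prefix wins.
ENDPOINT_POLICY = {
    "/": {"yyy", "partner-a"},
    "/admin": {"yyy"},
}

def common_name(subject_dn):
    """Return the CN from a DN such as 'CN=yyy,O=Example,C=US', or None."""
    # Split on commas that are not backslash-escaped (RFC 4514 style).
    for rdn in re.split(r"(?<!\\),", subject_dn):
        key, sep, value = rdn.strip().partition("=")
        if sep and key.strip().upper() == "CN":
            return value.strip().replace("\\,", ",")
    return None

def authorize(peer_addr, path, headers):
    """Return (http_status, reason); headers is a list of (name, value) pairs."""
    # The header only means something if the WAF set it; a direct client could forge it.
    if peer_addr not in TRUSTED_WAF_ADDRS:
        return 403, "request did not arrive through the WAF"
    values = [v for k, v in headers if k.lower() == CERT_SUBJECT_HEADER.lower()]
    # Two copies suggest a client-supplied header survived next to the WAF's own.
    if len(values) != 1:
        return 403, "missing or duplicated certificate header"
    cn = common_name(values[0])
    if cn is None:
        return 403, "no CN in forwarded subject"
    if cn in BLOCKED_CNS:
        return 403, f"CN {cn} is blocked"
    prefixes = [p for p in ENDPOINT_POLICY
                if path == p or path.startswith(p.rstrip("/") + "/")]
    allowed = ENDPOINT_POLICY[max(prefixes, key=len)] if prefixes else set()
    if cn not in allowed:
        return 403, f"CN {cn} not allowed for {path}"
    return 200, f"CN {cn} allowed"
```

The check is only as strong as the network path: the backend should accept connections from the WAF alone, and any client-supplied copy of the header should be dropped before the WAF adds its own.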