You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@apisix.apache.org by GitBox <gi...@apache.org> on 2022/11/24 02:55:22 UTC

[GitHub] [apisix] AlinsRan opened a new issue, #8391: feat: As a user, I want to specify the API for mTLS authentication, so that protect important API.

AlinsRan opened a new issue, #8391:
URL: https://github.com/apache/apisix/issues/8391

   ### Description
   
   ## Describe
   
   There will be a large number of paths in the gateway, and I hope to perform mTLS authentication on the specified path to protect this path. This needs to be supported by mTLS at the route level, and mTLS mutual authentication can be performed on the specified route.
   
   Assuming there are two routes:
   
   1. `/protect/*` HTTPS and mTLS 
   2. `/public/*`  HTTPS
   
   In fact, since the mTLS of APISIX cannot work on the route, when accessing different routes with the same SNI, you cannot authenticate the mTLS and TLS at the same time. `/public/*` still uses the mTLS.
   
   ## Example
   
   ```sh
   # URL:      /protect/post
   # Expect:  HTTPS + mTLS   
   # Actual:  HTTPS + mTLS 
   curl --resolve 'httpbin.com:9443:127.0.0.1' https://gateway/protect/post -k --cert ./client.pem --key ./client.key
   
   # URL:      /public/get  
   # Expect:  HTTPS   
   # Actual:  HTTPS + mTLS
   curl --resolve 'httpbin.com:9443:127.0.0.1' https://gateway/public/get -k
   ```


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] msmost commented on issue #8391: feat: As a user, I want to specify the API for mTLS authentication, so that protect important API.

Posted by "msmost (via GitHub)" <gi...@apache.org>.

msmost commented on issue #8391:
URL: https://github.com/apache/apisix/issues/8391#issuecomment-1419771186

   Opened discussion #8799 on this same topic. Interested in knowing more about whether APISIX can offer mTLS auth on specific routes.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org