Nov Matake Azure API Management Policy for MTLS

Created by Nov Matake
<policies>
    <inbound>
        <base />
        <!-- TODO: limit by client_id, not token itself -->
        <rate-limit-by-key calls="30" renewal-period="10" counter-key="@(context.Request.Headers.GetValueOrDefault("Authorization",""))" />
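        <!-- Forward the client certificate only when one was presented on the TLS
             connection and it has not passed NotAfter. GetRawCertDataString() yields
             the DER certificate as a hexadecimal string. This policy makes no chain,
             issuer or thumbprint check. -->
        <choose>
            <when condition="@(context.Request.Certificate != null && context.Request.Certificate.NotAfter > DateTime.Now)">
                <set-header name="Client-Certificate" exists-action="override">
                    <value>@(context.Request.Certificate.GetRawCertDataString())</value>
                </set-header>
            </when>
            <otherwise>
                <!-- No usable certificate: overwrite the header with an empty value so a
                     Client-Certificate header sent by the caller never reaches the backend. -->
                <set-header name="Client-Certificate" exists-action="override">
                    <value />
                </set-header>
            </otherwise>
        </choose>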
    </inbound>
    <backend>
        <base />
    </backend>
    <outbound>
        <base />
    </outbound>
    <on-error>
        <base />
    </on-error>
</policies>
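
How a backend behind this policy could consume the forwarded `Client-Certificate` header, as an added example that is not part of the original snippet or the author's code. It assumes the backend pins clients by an unpadded base64url SHA-256 thumbprint of the DER certificate; the function names are hypothetical and the sample header is constructed.

```python
import base64
import binascii
import hashlib
import hmac


def parse_client_certificate_header(value):
    """Return the DER bytes carried in the Client-Certificate header, or None.

    The policy sets the header to GetRawCertDataString(), i.e. the DER
    certificate as a hexadecimal string, and to an empty value when no
    unexpired certificate was presented.
    """
    value = (value or "").strip()
    if not value:
        return None
    try:
        der = binascii.unhexlify(value)
    except (binascii.Error, ValueError):
        return None  # odd length, non-hex or non-ASCII characters
    # A DER certificate is an ASN.1 SEQUENCE, so its first byte is 0x30.
    if not der.startswith(b"\x30"):
        return None
    return der


def sha256_thumbprint(der):
    """Unpadded base64url SHA-256 of the DER bytes (assumed pinning format)."""
    digest = hashlib.sha256(der).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def certificate_matches(header_value, expected_thumbprint):
    """True only if the forwarded certificate hashes to the expected thumbprint."""
    der = parse_client_certificate_header(header_value)
    if der is None:
        return False  # empty or malformed header: treat as no certificate
    return hmac.compare_digest(sha256_thumbprint(der), expected_thumbprint)


# Constructed sample: a tiny DER SEQUENCE standing in for a real certificate.
SAMPLE_HEADER = "3003020101"
```

The header is only trustworthy when the backend accepts traffic exclusively from the gateway, since the policy's `override` is what replaces any caller-supplied value.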
