ssl_verify_client on; for external connections only

Hi all,

I have a server setup that requires a client ssl cert. It’s working fine.
The problem is I want to allow non-routable IPs (10.0.0.0/8,
172.16.0.0/12, and 192.168.0.0/16) to connect without the client cert.
I’ve tried moving the ssl_verify_client into an if block that checks the
request address, but nginx complains that it’s not allowed there.

Anyone have any thoughts on how I could accomplish this?

Thanks,

Curtis

Posted at Nginx Forum:
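
One common way to get the behaviour asked about above, shown as an added example that is not part of the original post: `ssl_verify_client` is only accepted at `http` and `server` level, so it is set to `optional` and the decision is enforced per request from `$ssl_client_verify`. The server name and certificate paths are placeholders.

```nginx
# Goes in the http {} context.

# 1 for the private ranges from the post, 0 for everything else.
# geo matches on $remote_addr, the address of the TCP peer.
geo $internal_client {
    default         0;
    10.0.0.0/8      1;
    172.16.0.0/12   1;
    192.168.0.0/16  1;
}

# $ssl_client_verify is SUCCESS, NONE (no cert sent) or FAILED:<reason>.
# Deny by default; allow internal peers, or external peers with a
# certificate that verified against ssl_client_certificate.
map "$internal_client:$ssl_client_verify" $deny_no_cert {
    default      1;
    "~^1:"       0;
    "0:SUCCESS"  0;
}

server {
    listen 443 ssl;
    server_name example.com;                               # placeholder

    ssl_certificate         /etc/nginx/tls/server.crt;     # placeholder path
    ssl_certificate_key     /etc/nginx/tls/server.key;     # placeholder path
    ssl_client_certificate  /etc/nginx/tls/client-ca.crt;  # placeholder path

    # Request a client certificate but do not fail the handshake
    # when none is sent; the check below makes the final decision.
    ssl_verify_client optional;

    # "if" with only "return" is safe at server level.
    if ($deny_no_cert) {
        return 403;
    }

    location / {
        root /var/www/html;                                # placeholder
    }
}
```

If a proxy or load balancer sits in front of nginx, `$remote_addr` is the proxy's address, so every request would match the internal ranges; in that case the exemption should only be derived from a source address the proxy is trusted to report.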