If you create an
action specifying client-side authentication on a per-directory basis, a client
identified by a policy associated with the action is not authenticated as part
of the initial SSL handshake. Instead, authentication is carried out every time
the client wants to access a specific directory on the web server.
For example, if
you have multiple divisions in the company, where each division has a folder in
which all its files are stored, and you want to know the identity of each
client that tries to access files from a particular directory, such as the
finance directory, you can enable per-directory client authentication for that
per-directory client authentication, first configure client authentication as
an SSL action, and then create a policy that identifies the directory that you
want to monitor. When you create the policy, specify your client-authentication
action as the action associated with the policy. Then, bind the policy to the
SSL virtual server that will receive the SSL traffic.