can I set ssl profile by [HTTP::host] in one irule?

Question

I have this scene: &nbsp;
&nbsp;www.a.com mapped to a virtual server,
&nbsp;www.b.com mapped to www.a.com&nbsp;
&nbsp;here is the question,when performing a https request on both www.a.com and www.b.com I should provide a ssl profile. Can I use different host name to determine which ssl profile should I use in one irule?&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;

hamish · Answer

Im assuming here youre talking about the TlS extensions for multiple virtual hosts on a single IP address. I've seen an irule floating around that does the extensions to TLS to use the ssl negotiation for determining which certificate to present.  
&nbsp;  
&nbsp; You need a browser that supports this though... I'll have a loom round, but im pretty sure it was in the codeshare. 
&nbsp;  
&nbsp; If its not, the yes, its possible, but youll need to do a fair bit of work yourself. ;) 
&nbsp;  
&nbsp; H

hamish · Answer

Yep... Its in the codeshare at 
&nbsp;  
&nbsp; http://devcentral.f5.com/wiki/iRules.TLS-ServerNameIndication.ashx 
&nbsp;  
&nbsp; H

hoolio · Answer

The main caveat with TLS SNI is that IE on WinXP cannot support it. 
&nbsp;  
&nbsp; Aaron

Forum Discussion

can I set ssl profile by [HTTP::host] in one irule?

3 Replies

F5 Container Ingress Services (CIS) and using k8s traffic policies to send traffic directly to pods

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

irule execution error

F5 AWAF/ASM learning only from Trusted traffic?

OWA File Upload URIs for WAF Bypass

Curl 7.10.5 < 8.12.0 Integer Overflow (CVE-2025-0725)

Show or List F5 XC Routes in the Web

Related Content

(HTTP) Redirection via Arbitrary Host Header

STREAM profile (HTTP > HTTPS) with host exception

iRule http host with wildcard domain

Select pool based on HTTP host header

Universal HTTP host redirect

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS