For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

raphael_norber1's avatar
raphael_norber1
Icon for Nimbostratus rankNimbostratus
Sep 11, 2006

Cert Problem

I'm not sure if there is a slution to my issue, but Support suggested there might be an Irule solution. basically i am attempting this:     when HTTP_REQUEST {   if { [HTTP::host] equals "...
application delivery
dev
devops
iRules
Colin_Walker_12's avatar
Colin_Walker_12
Historic F5 Account
Sep 11, 2006
This type of a chicken and egg SSL cert question has been asked a few times before. If you search the forums you'll probably find a couple of different discussions related to similar topics.

 

 

The short answer is, no, there isn't a way to read the information in the HTTP headers before the SSL handshake has occured, so you won't be able to see what the hostname is without first decrypting the data. At this point, you've already exchanged the cert, and the user has seen an alert if they are prompted to accept a cert for a different domain.

 

 

Colin