For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

PiotrL's avatar
PiotrL
Icon for Cirrus rankCirrus
May 29, 2018

Client SSL profile based on a client ip address and SNI

How can I configure an irule to apply different client SSL profiles depending on 2 conditions: client address and SNI (Server Name Indication) ?  
application delivery
iRules
LTM
youssef_100679's avatar
youssef_100679
Icon for Nimbostratus rankNimbostratus
May 29, 2018

Hi,

can you please give me the use case that you want to implement:

below irule that allow you to manage ssl profile regarding IP address:

when CLIENT_ACCEPTED {
    if { [IP::addr [IP::client_addr] eq "1.2.3.4"]} {
        SSL::profile client-ssl-1
    } else {
        SSL::profile client-ssl-2
    }
}

For SNI you can set it directly in client ssl profile in "Server Name" settings.

Just for information if you set multiple ssl client in your VS you have to set for each profil the "Server Name" and a defaul client ssl for on.

Example:

  • client-ssl1 : toto.mydomain.com
  • client-ssl2 : tata.mydomain.com
  • client-ssl2 : *.mydomain.com (check "Default SSL Profile for SNI" setting )

Let me now if you need additional info.

Regards.