Does BIG-IP send traffic to pool members by IP and is it possible to recognize hostname?
Hi alokjhafb,
HTTP communication and the underlying TLS/SSL communication are completely distinct from each other.
The clientside connection may request (via Server Name Indication) a certificate for but then may request a page using the HOST-name of .
The F5 may establish a serverside SSL connection to a pool member and then check if a specific CNAME / DNS Name is present in the received certificate. But right after that the F5 can still forward requests for a completely different HOST-name.
This is an intended default behavior. But feel free to overwrite this behavior by using handcrafted iRules and/or LTM Policies to filter out requests for unknown HOST-names as well as selecting the right Pools and matching Server_SSL_Profiles based on the requested HOST-names.
Example iRule:
```tcl
when HTTP_REQUEST {
    # Compare the requested HOST-name case-insensitively
    set low_host [string tolower [HTTP::host]]
    if { $low_host eq "www.domain.net" } then {
        pool "Pool_www.domain.net"
        set server_ssl "/Common/SRV_SSL_www.domain.net"
    } elseif { $low_host eq "www.domain.com" } then {
        pool Pool_www.domain.com
        set server_ssl "/Common/SRV_SSL_www.domain.com"
    } else {
        # Unknown HOST-name requested
        HTTP::respond 502 content "Bad Gateway: Unknown HOSTNAME requested" "Content-Type" "text/html" "Connection" "close"
        TCP::close
    }
}
when SERVER_CONNECTED {
    # Apply the Server SSL profile selected for the requested HOST-name
    SSL::profile $server_ssl
}
```
Cheers, Kai
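An added example, not part of the original post and not F5 code: a small Python model of the Host-based routing in the iRule above, extended to flag requests whose TLS SNI names a different site than the HTTP Host header, for auditing proxy logs. The function names, verdict strings and sample records are assumptions made for this example, and stripping a `:port` suffix and trailing dot before the lookup is this example's addition, not something the iRule does.

```python
# Added example: models the Host-based routing of the iRule above and flags
# requests whose TLS SNI differs from the HTTP Host header.
# ROUTES mirrors the pools/profiles named in the post; sample records are constructed.

ROUTES = {
    "www.domain.net": ("Pool_www.domain.net", "/Common/SRV_SSL_www.domain.net"),
    "www.domain.com": ("Pool_www.domain.com", "/Common/SRV_SSL_www.domain.com"),
}


def normalize_host(value):
    """Lowercase a Host header or SNI value, drop any :port and trailing dot."""
    host = (value or "").strip().lower()
    if host.startswith("["):              # IPv6 literal such as [::1]:443
        host = host[1:].split("]", 1)[0]
    elif host.count(":") == 1:            # name:port or IPv4:port
        host = host.split(":", 1)[0]
    return host.rstrip(".")


def classify(sni, host_header):
    """Return (verdict, pool, server_ssl_profile) for one request."""
    host = normalize_host(host_header)
    route = ROUTES.get(host)
    if route is None:
        # Same outcome as the iRule's else branch: no pool is selected.
        return ("reject-unknown-host", None, None)
    pool, profile = route
    if normalize_host(sni) != host:
        # Routable, but the TLS layer and the HTTP layer named different sites.
        return ("sni-host-mismatch", pool, profile)
    return ("ok", pool, profile)


# Constructed sample records: (SNI from ClientHello, HTTP Host header).
SAMPLE = [
    ("www.domain.net", "www.domain.net"),
    ("www.domain.net", "WWW.Domain.COM:443"),
    ("www.domain.com", "internal.example"),
    (None, "www.domain.com."),
]

if __name__ == "__main__":
    for sni, host in SAMPLE:
        print(sni, host, classify(sni, host))
```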
