Forum Discussion

Nimbostratus

Aug 01, 2012

HTTPS passthrough with HTTP:Host validation

Hi, I am trying to setup a HTTPS passthrough where SSL certs would be configured on Servers.. DNS : test.mydomain.com --- 59.40.33.11 web.mydomain.com -- 59.40.33.11 ...

Cirrostratus

Aug 01, 2012

Hi Chakri,

In order to inspect the HTTP host header value for all browsers, you'd need to decrypt the SSL and parse the HTTP headers.

If you have a controlled population of users and guarantee they use more current browsers, you could potentially do this by reading the TLS server name indicator from the SSL handshake:

http://en.wikipedia.org/wiki/Server_Name_Indication

Here's an example from Joel Moses showing how you can parse the TLS SNI value:

https://devcentral.f5.com/wiki/iRules.TLS-ServerNameIndication.ashx

Aaron

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

HTTPS passthrough with HTTP:Host validation

AppWorld 2026: Save the Date and Join Our Community In Person!

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

WAF Policy upload using AS3

Rerouting iRule not rerouting correctly

APM webtop – problem with websockets for Serverside Blazor app

What is the recommended TCP Profile settings monitor settings for ISO 8583 traffic in F5 Big IP ?

Need F5 iRules Consultant - HTTP Header Manipulation Issues

Related Content

POC: Validate JWT with iRule

Passthrough IPSec with AFM

Implementing SSL Orchestrator - Validation & Troubleshooting

HTTPS passthrough fallback URL

Announcing F5 NGINX Gateway Fabric 1.4.0 with IPv6 and TLS Passthrough

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS