F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

Chakravarthi_P1's avatar
Chakravarthi_P1
Icon for Nimbostratus rankNimbostratus
Aug 01, 2012

HTTPS passthrough with HTTP:Host validation

Hi,     I am trying to setup a HTTPS passthrough where SSL certs would be configured on Servers..     DNS :   test.mydomain.com --- 59.40.33.11   web.mydomain.com -- 59.40.33.11  ...
application delivery
dev
devops
iRules
hoolio's avatar
hoolio
Icon for Cirrostratus rankCirrostratus
Aug 01, 2012
Hi Chakri,

 

 

In order to inspect the HTTP host header value for all browsers, you'd need to decrypt the SSL and parse the HTTP headers.

 

 

If you have a controlled population of users and guarantee they use more current browsers, you could potentially do this by reading the TLS server name indicator from the SSL handshake:

 

 

http://en.wikipedia.org/wiki/Server_Name_Indication

 

 

Here's an example from Joel Moses showing how you can parse the TLS SNI value:

 

https://devcentral.f5.com/wiki/iRules.TLS-ServerNameIndication.ashx

 

 

Aaron