For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Rob_78395's avatar
Rob_78395
Icon for Nimbostratus rankNimbostratus
Jan 28, 2013

Identify and pass-through HTTPS using iRules

I am using a single IP to proxy many different domains. I have a VS on this IP for HTTP traffic and no default pool set becasue I'm using this iRule which works great:     when HTTP_REQUEST {...
application delivery
dev
devops
iRules
What_Lies_Bene1's avatar
What_Lies_Bene1
Icon for Cirrostratus rankCirrostratus
Jan 28, 2013
Rob, I'm pretty sure the client does not specify a domain when using SSL or TLS with the exception of in TLS1.2 if Server Name Indication (SNI) is supported by the client and server. Event there, as you are not terminating the SSL/TLS can inspect the relevant record information? I'm not sure you can. You could always do some research if you think it's worthwhile and your servers and likely clients support SNI by doing some testing and using tcpdump to capture some traffic.