IRULE for SNI is necessary

Question

Single VIP multiple Certificate for three different URL and Multiple pool selection based on the application of individual URL . &nbsp;

kevin_stewart · Answer

You can use Server Name Indication directly within the VIP without an iRule:&nbsp;
https://support.f5.com/kb/en-us/solutions/public/13000/400/sol13452.html?sr=56753139&nbsp;
And you can do pool selection based on SNI within CPM (LTM policies). With at least 11.6x, you don't need any iRules.&nbsp;

kevin_stewart · Answer

SNI-based cert selection and pool assignment are generally two different things, so if you can do SNI at the VIP, and you are offloading SSL at the VIP, then pool selection can be based on HTTP events:
when HTTP_REQUEST {    
    switch [string tolower [HTTP::host]] {        
        "foo.site.com" { pool foo_pool }            
        "bar.site.com" { pool bar_pool }            
        "blah.site.com" { pool blah_pool }
    }
}

Forum Discussion

IRULE for SNI is necessary

2 Replies

Welcome! a la Communidad DevCentral LATAM de F5!

The New F5 Certified BIG-IP Administrator Certification Exams Now Live

Recent Discussions

PCI Compliance and ASM

irule for redirect and header injection

What happens if I activate only ASM without provisioning LTM?

Implement load balancing solution with constraints

How to Block Source IP for 24 Hours After TPS Violation (F5 DoS / iRule / SSL Proxy Setup)

Related Content

iRules Style Guide

Hey Claude, can you write iRules?

Hey DeepSeek, can you write iRules?

iRules

Json parsing with iRules

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS