For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

F5-Geek's avatar
F5-Geek
Icon for Nimbostratus rankNimbostratus
Sep 18, 2018

Irule help

To create a irule to create a client ssl profile and server ssl profile on Virtual server using SNI with a wildcard certificate with SAN.   This virtual server would used for different environmet ...
application delivery
LTM
youssef1's avatar
youssef1
Icon for Cumulonimbus rankCumulonimbus
Sep 19, 2018

Hi,

Find below irule you need.

when HTTP_REQUEST {

set abc1 0
set abc2 0
set abc3 0


switch -glob [string tolower [HTTP::host]] {
    " abc1.com" {
        set abc1 1
        HTTP::header replace Host "abcsecure1.com"
    }
    " abc2.com" {
        set abc2 1
        HTTP::header replace Host "abcsecure2.com"
    }
    " abc3.com" {
        set abc3 1
        HTTP::header replace Host "abcsecure3.com"
    }
    default {
         do nothing
    }
  }
}



when SERVER_CONNECTED {

if {$abc1} {
    SSL::enable serverside
    SSL::profile server-ssl-profile-abc1
} elseif {$abc2} {
    SSL::enable serverside
    SSL::profile server-ssl-profile-abc2
} elseif {$abc3} {
    SSL::enable serverside
    SSL::profile server-ssl-profile-abc3
} else {
    SSL::enable serverside
    SSL::profile serverssl-insecure-compatible

}
}

As you can noticed I set you a differente ssl server profile depending hostname you entered. is just an example.

You can set the same if wanted.

regards,