For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

F5-Geek's avatar
F5-Geek
Icon for Nimbostratus rankNimbostratus
Sep 18, 2018

Irule help

To create a irule to create a client ssl profile and server ssl profile on Virtual server using SNI with a wildcard certificate with SAN.   This virtual server would used for different environmet ...
application delivery
LTM
Stanislas_Piro2's avatar
Stanislas_Piro2
Icon for Cumulonimbus rankCumulonimbus
Sep 21, 2018

Hi,

 

This code won’t work

 

set hostname HTTP::header replace Host "[class match -value [SSL:extension sni name ] equals "hostgroup"]"

May be this one

 

set hostname [HTTP::header replace Host "[class match -value [SSL:extension sni name ] equals "hostgroup"]" ]

I’m not sure [SSL:extension sni name ] works in HTTP_REQUEST event. You may catch it in CLIENTSSL_CLIENTHELLO, and change the host header in HTTP_REQUEST

 

when CLIENTSSL_CLIENTHELLO {
    set hostname [class match -value [SSL:extension sni name ] equals "hostgroup"]
}

when HTTP_REQUEST {
    HTTP::header replace Host $hostname
}
when SERVERSSL_CLIENTHELLO_SEND {   
    set bin [binary format S1S1S1S1ca* 0 [expr [string length $hostname] + 5] [expr [string length $hostname] + 3] 0 [string length $hostname] $hostname]   
    SSL::extensions insert $bin 
}