F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

Karthick1's avatar
Karthick1
Icon for Cirrus rankCirrus
Aug 21, 2020

Irule to match SNI

I have configured one vs with multiple ssl profile and one ssl profile marked as default SNI, I need to write irule to match SNI ( during client hello ) only for assigned ssl profile rest it should...
application delivery
BIG-IP
Irule for SNI
iRules
Enes_Afsin_Al's avatar
Enes_Afsin_Al
Icon for MVP rankMVP
Aug 21, 2020

Hi Karthick,

when HTTP_REQUEST {
	switch [HTTP::host] {
		"abc.com" -
		"www.abc.com" -
		"ccc.com" -
		"www.ccc.com" { }
		default { reject }
	}
}
Karthick1's avatar
Karthick1
Icon for Cirrus rankCirrus
Aug 22, 2020

Dear Eaa,

 

Thanks for your comments, yes the same irule which you have shared i have done using class match.

 

but i need to match using SNI during client Hello. I tried using this cmd "SSL::sni name " but it is not working.

 

 

  • Enes_Afsin_Al's avatar
    Enes_Afsin_Al
    Icon for MVP rankMVP
    Aug 23, 2020

    Hi Karthick,

    Can you try with [SSL:extension sni name] ?

    when CLIENTSSL_CLIENTHELLO {
	if { [SSL:extension sni name] ends_with "abc.com" } {
		# ..
	}
}