Forum Discussion

Cirrus

Aug 21, 2020

Irule to match SNI

I have configured one vs with multiple ssl profile and one ssl profile marked as default SNI, I need to write irule to match SNI ( during client hello ) only for assigned ssl profile rest it should...

MVP

Aug 21, 2020

Hi Karthick,

when HTTP_REQUEST {
	switch [HTTP::host] {
		"abc.com" -
		"www.abc.com" -
		"ccc.com" -
		"www.ccc.com" { }
		default { reject }
	}
}

Karthick1

Cirrus

Aug 22, 2020

Dear Eaa,

Thanks for your comments, yes the same irule which you have shared i have done using class match.

but i need to match using SNI during client Hello. I tried using this cmd "SSL::sni name " but it is not working.

Enes_Afsin_Al
MVP
Aug 23, 2020
Hi Karthick,
Can you try with [SSL:extension sni name] ?
when CLIENTSSL_CLIENTHELLO { if { [SSL:extension sni name] ends_with "abc.com" } { # .. } }

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Irule to match SNI

Jonathan - March 2026 Featured Member

F5 AppWorld 2026 Las Vegas - iRules Contest Winners!

2026 F5 DevCentral MVP Announcement

Recent Discussions

Illigal Parameter addition as custom signature set wanted to Unblock

[ASM] : "Request length exceeds defined buffer size " - How to increase the limit ?

Managing iRules configuration

CPU load when Prometheus is scraping metrics from F5 BIG-IP LTM

Problem with sending BotDefense logs to remote server

Related Content

Serverside SNI injection iRule

SNI Routing with BIG-IP

How to Troubleshoot SNI

SNI Routing with DNS Lookup

Extracting the SNI server name

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS