Log Serverside SNI Value

Question

Hi Everyone,I would apperciate your help with basic requirement I have. I want to log the server side (F5 -&gt; Pool member) SNI Value.I'm familiar with this command:"binary scan [SSL::extensions -type 0] {@9A*} cs_sni_name" which does work for ClientSSL SNI but not for ServerSSL SNI - I tried using it in the following server side events:SERVERSSL_HANDSHAKESERVERSSL_CLIENTHELLO_SENDThanks so much for your attention :),Adir&nbsp;&nbsp;&nbsp;

paulius · Answer

AdirZe The following should be what you're looking for but from my understanding the F5 will not send an SNI name unless you explicitly configure it in the SSL server profile so you should already know what the name is unless of course you are configuring SSL passthrough which the F5 will then send whatever the client has sent it.
when SERVERSSL_CLIENTHELLO_SEND priority 500 {

binary scan [SSL::extensions -type 0] {@9A*} sni_name
    log local0. "sni name: ${sni_name}"

}

adirze · Answer

&nbsp;Thank you, I understand , I actually tried it, it looks like it doesn't find the the sni value&nbsp;even though there is a Server SSL profile with sni value attached.the "sni_exists" if is false.when SERVERSSL_CLIENTHELLO_SEND priority 500 {set sni_exists [SSL::extensions exists -type 0]if { $sni_exists } {binary scan [SSL::extensions -type 0] {@9A*} sni_namelog local0. "sni name: ${sni_name}"}}&nbsp;&nbsp;&nbsp;

Forum Discussion

Log Serverside SNI Value

Recent Discussions

Background Tasks

APM with EntraID as idP / request signed

Should config via cli rather than gui?

APM Modern Customization - modify Header in user-common.js and form in user-logon.js

Which process is consuming higher CPU

Related Content

APM/Analytics - Log click on webtop resources [serverside]

Reminder: MFA now required to log in to DevCentral

Global Log Receiver

AWAF - Do not log Geolocation violations from the Event Log

irule logging question

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS