LTM Policy don't trigger on ALPN in SSL_Client_Hello

Question

HiHave someone successfully managed to get a LTM Policy to trigger on ALPN in "SSL Client Hello"?I have created a policy like below, and attached it to a Virtual-Server.But when I send/connect to VS, policy won't trigger and nothing is written to my log.I have also tried with different Index values, but that makes no difference.I have verified that the ALPN is present in TLS request, both with Wireshark but also with an iRule attached to same VS.iRule:WireShark:RegardsChristian&nbsp;&nbsp;

niels_van_sluis · Answer

I've been playing with this, but also couldn't get it to work. It's unclear what index the SSL Extension alpn in the policy would be a valid one.

cenroth · Answer

Hi NielsI really appreciate your help. For a while i thought i had done something wrong. But if you have tested it, andalso can't get it to work then I’m quite sure that it is a "bugg" in the way Big IP handles ALPN in TLS packages.I will open a case towards F5, and see what kind of solution they will come up with.RegardsChristian

Forum Discussion

LTM Policy don't trigger on ALPN in SSL_Client_Hello

2 Replies

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

The GSLB pool is providing an incorrect IP to end users

iRule causing requests to be duplicated (sometimes)

F5 Networks F5CAB1 Exam - Need Help Regarding Prep

Cisco TACACS+ Config on ISE LTM Pair

Illegal Metacharacter in Parameter Name in Json Data

Related Content

Trigger js challenge/Captcha for ip reputation/ip intelligence categories

LTM Policy

iControl REST Cookbook - LTM policy (ltm policy)

Minimizing Security Complexity: Managing Distributed WAF Policies

Leveraging Ansible Rulebooks for Streamlined Event Triggers: Advantages and Benefits

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS