Forum Discussion

Nimbostratus

Oct 10, 2017

SNI Based on IRule

I have a requirement to set SNI based on the incoming context for every subsequent requests by same client to the same back-end server. I have put the following in SERVERSSL_CLIENTHELLO_SEND ...

application delivery

LTM

Kai_Wilke

MVP

Oct 10, 2017

Hi Murugs,

to force an

SERVERSSL_CLIENTHELLO_SEND

event after each single

HTTP_REQUEST

event you would need to execute

[LB::detach]

on/after every single

HTTP_REQUEST

HTTP_RESPONSE

event. But this approach would hurt your overall performance and is absolutely NOT recommended...

I'd like to ask the question why do you need to do that?

You need SNI just to select a specific SSL cert on your web server. After the Server SSL handshake is completed, you can pump as many HTTP request over the established TCP connection / SSL session without the need to further manipulate server side SNI records.

Cheers, Kai

Forum Discussion

SNI Based on IRule

Recent Discussions

AS3 Deployments (shared objects)

Inquiry on F5's Maintenance Mode Feature for Pool Members

F5Access | MacOS Sonoma

Ansible modules for F5OS

VPN fragmented IP packets dropped

Related Content

iRule redirect based on hostname

iRule assistance based on URI and source address

asm irule to unblock upon violation based on type

iRule help for two redirects based off uri with variable

Clock based irule