Forum Discussion

Nimbostratus

Oct 10, 2017

SNI Based on IRule

I have a requirement to set SNI based on the incoming context for every subsequent requests by same client to the same back-end server. I have put the following in SERVERSSL_CLIENTHELLO_SEND ...

application delivery

LTM

Kai_Wilke

MVP

Oct 10, 2017

Hi Murugs,

to force an

SERVERSSL_CLIENTHELLO_SEND

event after each single

HTTP_REQUEST

event you would need to execute

[LB::detach]

on/after every single

HTTP_REQUEST

HTTP_RESPONSE

event. But this approach would hurt your overall performance and is absolutely NOT recommended...

I'd like to ask the question why do you need to do that?

You need SNI just to select a specific SSL cert on your web server. After the Server SSL handshake is completed, you can pump as many HTTP request over the established TCP connection / SSL session without the need to further manipulate server side SNI records.

Cheers, Kai

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

SNI Based on IRule

The New F5 Certified BIG-IP Administrator Certification Exams Now Live

F5 Academies Are Back – And We’re Coming to a City Near You

Recent Discussions

Load Balancing IIS Servers

Front azure traffic from F5 LTM onpremises

F5 BigIP APM VPN some LDAP field are base64 encoded

Two Arm Deployment mode using PBR

Questions about F5 BIG-IP Multi-Datacenter Configuration

Related Content

iRule based RADIUS Client Stack

iRule based RADIUS Health Monitor Builder

Server Profile SNI

iRule based RADIUS Server Stack

iRule based 'Natural Speech' Expression Language

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS