Forum Discussion

Nimbostratus

Oct 10, 2017

SNI Based on IRule

I have a requirement to set SNI based on the incoming context for every subsequent requests by same client to the same back-end server. I have put the following in SERVERSSL_CLIENTHELLO_SEND ...

application delivery

LTM

Kai_Wilke

MVP

Oct 10, 2017

Hi Murugs,

to force an

SERVERSSL_CLIENTHELLO_SEND

event after each single

HTTP_REQUEST

event you would need to execute

[LB::detach]

on/after every single

HTTP_REQUEST

HTTP_RESPONSE

event. But this approach would hurt your overall performance and is absolutely NOT recommended...

I'd like to ask the question why do you need to do that?

You need SNI just to select a specific SSL cert on your web server. After the Server SSL handshake is completed, you can pump as many HTTP request over the established TCP connection / SSL session without the need to further manipulate server side SNI records.

Cheers, Kai

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

SNI Based on IRule

Security Best Practices for F5 Products

F5 AppWorld 2026 Registration - early bird pricing.

Kostas Injeyan - October 2025 Featured Member

Recent Discussions

APM HTTP Connector request and HTTP Headers

Can't change sync type or failover after tenant upgrade.

F5OS (rseries 2800) in transparent mode

How to log HTTP/2 reset_stream

How can k8s CIS CRD VirtualServer reference existing APM Access profile?

Related Content

Serverside SNI injection iRule

SNI Routing with BIG-IP

How to Troubleshoot SNI

SNI Routing with DNS Lookup

iRule based RADIUS Client Stack

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS