For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Chip_Hudgins_64's avatar
Chip_Hudgins_64
Icon for Nimbostratus rankNimbostratus
Jun 17, 2005

SSL client profile based on hostname

Is there anyway to select or change the SSL client profile based on hostname?

 

 

If is easy to find the hostname in an HTTP_REQUEST but then how could you set the SSL client profile? I am trying to have one VIP for multiple SSL sites each with different SSL certificates for each.

 

 

Thanks in advance.
application delivery
dev
devops
iRules

21 Replies

Show More
  • Gauthier_Delac1's avatar
    Gauthier_Delac1
    Icon for Nimbostratus rankNimbostratus
    Sep 28, 2011
    Hi,

     

     

    It's not easy because user agent header is sent after SSL handshake (even with SNI).

     

     

    But in this iRule (http://devcentral.f5.com/Tutorials/TechTips/tabid/63/articleType/ArticleView/articleId/1086451/Multiple-Certs-One-VIP-TLS-Server-Name-Indication-via-iRules.aspx), you can use detect_handshake variable to know if SNI has been used.

     

     

    Then depending on what you call "kick", you can use this variable in any other event to handle unsupported clients the way you want.