Forum Discussion
viziony wrote: ChoiceADVANTAGEWould any know how I can incorporate these 2 iRules into one or can they be ran independently and both iRules are utilized on the same VIP?
My scenario, if a connection comes in for a particular client we would like to present that client with a particular cert we have defined, once that check is completed the traffic would then proceed to path based routing irule.
Referring to this article for TLS SNI https://support.f5.com/csp/article/K13452
This code is for TLS SNI
when HTTP_REQUEST {
set hostname [getfield [HTTP::host] ":" 1]
}
when SERVER_CONNECTED {
switch -glob [string tolower $hostname] {
"siteA.com" {
SSL::profile serverssl-siteA
}
"siteB.com" {
SSL::profile serverssl-siteB
}
default {
#default serversssl profile to be selected if Host header value cannot be matched with predefined values
SSL::profile serverssl
}
}
}AND
when HTTP_REQUEST {
switch -glob -- [string tolower [HTTP::uri]] {
"/test*" -
"/test2.php*" -
"/tt/*" -
"/aa/*" -
"*/example/*" {
pool pool-A
}
default {
pool pool-B
}
}
}
I tried adding the second cert to the VIP however I received a warning/error msg : 0107149c:3: Virtual server /Common/xxxxxxx has more than one clientssl/serverssl profile but none of them is default for SNI.