Serverside SNI injection iRule
Updated Jun 06, 2023
Version 2.0Was this article helpful?
Hi Angorya,
Workaround: None.
Seems to be an dead end then, since you can not remove an existing SNI extension from the Handshake for now (see my prequisites Step 3.).
The last chance I see for you is by utilizing a VIP-targeting-VIP setup, so that you can still use SNI to flip SSL Profiles for the client side connection (aka. external VS) while making sure to not forward a SNI value to APM (aka. internal VS). At least this approach will allow you to mitigate the listed condition "Client side ClientHello contains SNI." and would then allow you to insert a SNI value of your choice on the connection between the internal VS and backend servers.
Cheers, Kai