jwlarger
Sep 23, 2021

During which event is SNI evaluated?

Where in the event flow is SNI evaluated? And would it interfere with an iRule that fired on the same event?

 

i.e.

CLIENT_ACCEPTED

CLIENTSSL_HANDSHAKE

CLIENTSSL_CLIENTCERT

CLIENTSSL_CLIENTHELLO

HTTP_REQUEST

3 Replies

  • Hi ,

     

    The earliest event you can evaluate the SNI is CLIENTSSL_CLIENTHELLO. Please see this diagram at packetpushers: https://packetpushers.net/f5-networks-irule-event-order-https/

    It describes the order of iRule events in an HTTPS connection.

     

    How will it interfere when there is an iRule that uses the same event?

    Read this DevCentral article: https://devcentral.f5.com/s/articles/getting-started-with-irules-events-priorities-20402, pay attention to the section headlined "What happens if I have the same event in multiple iRules on a virtual server?".

     

    KR

    Daniel

     

  • Forget about iRules - bit of a red herring. I am familiar with the event order charts and event priorities. None of them include info about SNI.

     

    What I want to know is: during which event, during the normal, default course of events, without an iRule involved, is SNI evaluated and matched?

    • You listed five iRule events as examples and you asked if it could interfere with iRules. Hence my assumption was, you are asking for an iRule event.

       

      RFC 6066: In order to provide any of the server names, clients MAY include an extension of type "server_name" in the (extended) client hello.

      Is this the kind of event you are looking for? Or what do you understand as "default course of events"?