23-Sep-2021 13:54
Where in the event flow is SNI evaluated? And would it interfere with an iRule that fired on the same event?
i.e.
CLIENT_ACCEPTED
CLIENTSSL_HANDSHAKE
CLIENTSSL_CLIENTCERT
CLIENTSSL_CLIENTHELLO
HTTP_REQUEST
24-Sep-2021 00:16 - last edited on 24-Mar-2022 01:18 by li-migration
Hi,
The earliest event in which you can evaluate the SNI is CLIENTSSL_CLIENTHELLO. Please see this diagram at packetpushers: https://packetpushers.net/f5-networks-irule-event-order-https/
It describes the order of iRule events in an HTTPS connection.
How will it interfere when there is an iRule that uses the same event?
Read this DevCentral article: https://devcentral.f5.com/s/articles/getting-started-with-irules-events-priorities-20402, and pay attention to the section headlined "What happens if I have the same event in multiple iRules on a virtual server?".
KR
Daniel
24-Sep-2021 01:34
Forget about iRules - bit of a red herring. I am familiar with the event order charts and event priorities. None of them include info about SNI.
What I want to know is: during which event, during the normal, default course of events, without an iRule involved, is SNI evaluated and matched?
24-Sep-2021 01:52
You listed five iRule events as examples and you asked if it could interfere with iRules. Hence my assumption was that you are asking for an iRule event.
RFC 6066: In order to provide any of the server names, clients MAY include an extension of type "server_name" in the (extended) client hello.
Is this the kind of event you are looking for? Or what do you understand as "default course of events"?