Forum Discussion
AaronJB
Sep 06, 2022SIRT
I believe you're on the right lines by including the server name in the server SSL profile, but I think (even if there's only one profile) you have to enable the "serverssl-use-sni" feature on the Virtual Server: https://support.f5.com/csp/article/K39408450
If that isn't working then you could probably pull the SNI field out of the server side connection using iRules and the SSL::extensions command. Kai_Wilke has an example of inserting the SNI header here (which is an alternative for versions earlier than 15.1.x or if you didn't want to use multiple SSL profiles and the serverssl-use-sni featurea) which could be used as the basis to build a rule to extract and log the header instead.