ltm forward proxy
How to implement LTM forward proxy client to determine the diversion pool based on the domain name
Through testing, I found that if I simply use all-zero virtual services and use standard mode, I must use the client SSL profile to obtain the SNI domain name in the TLS handshake message sent by the client. However, I don’t know what the domain name certificate that the client needs to access is for the client Internet exit. It is not fixed, and these certificates may not exist on my device. If I use a self-signed domain name certificate, the intranet client will prompt "Do not trust the domain name site".

Does anyone have a better solution for this? The F5 forward proxy needs to know what the domain name requested by the client is or provide iRules events or commands! Thank you for every reader’s reply!

when CLIENTSSL_HANDSHAKE {
    # Extension type 0 is server_name (SNI); skip its 9 header bytes and read the host name
    binary scan [SSL::extensions -type 0] {@9A*} sni_name
    log local0. "$sni_name"
    pool ChinaRadioTelevisionPool
}
#This method currently lacks remote certificate issues, prompting unsafe trust.

Is there any other way to obtain the domain name information sent by the client for diversion?

ltm virtual OverseasApplications {
    destination 0.0.0.0:https
    ip-protocol tcp
    mask any
    profiles {
        ForwardClientSSL {
            context clientside
        }
        ForwardServerSSL {
            context serverside
        }
        Forward_HTTP { }
        apm-forwarding-client-tcp { }
    }
    rules {
        OutboundIRules
    }
    source 0.0.0.0/0
    source-address-translation {
        pool ChinaRadioTelevisionSNATPOOL
        type snat
    }
    translate-address disabled
    translate-port disabled
    vlans {
        internal_vlan_13
    }
    vlans-enabled
    vs-index 3
}
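What the `{@9A*}` scan in the iRule above reads, shown as a Python parser that checks the extension's length fields instead of skipping nine bytes blindly, followed by a domain-to-pool lookup. This is an added example, not code from the original post or from F5; the byte layout is assumed to include the extension header, and `ROUTES`, `DefaultPool` and `example.cn` are hypothetical.

```python
import struct

SNI_EXT_TYPE = 0    # server_name extension (RFC 6066)
HOST_NAME_TYPE = 0  # host_name, the only name type defined


def sni_from_extension(ext):
    """Return the host name from raw server_name extension bytes, or None.

    Assumed layout, extension header included (the 9 bytes that @9 skips):
    ext type(2) | ext len(2) | list len(2) | name type(1) | name len(2) | host name
    """
    if len(ext) < 10:  # no SNI sent, or too short to hold a name
        return None
    ext_type, ext_len, list_len, name_type, name_len = struct.unpack("!HHHBH", ext[:9])
    if ext_type != SNI_EXT_TYPE or name_type != HOST_NAME_TYPE:
        return None
    # Declared lengths must match the bytes present (single-entry list assumed).
    if (ext_len, list_len, name_len) != (len(ext) - 4, len(ext) - 6, len(ext) - 9):
        return None
    try:
        name = ext[9:].decode("ascii").lower()
    except UnicodeDecodeError:
        return None
    # Accept only DNS host-name characters before the value reaches logs or routing.
    if not all(c.isalnum() or c in "-." for c in name):
        return None
    return name


def choose_pool(host, routes, default_pool):
    """Map a host name to a pool by exact or label-boundary suffix match."""
    if host is None:
        return default_pool
    for suffix, pool in routes.items():
        if host == suffix or host.endswith("." + suffix):
            return pool
    return default_pool


def build_extension(host):
    """Build constructed sample extension bytes for the checks below."""
    h = host.encode("ascii")
    return struct.pack("!HHHBH", 0, len(h) + 5, len(h) + 3, 0, len(h)) + h


# Constructed routing table; DefaultPool and the domain are hypothetical.
ROUTES = {"example.cn": "ChinaRadioTelevisionPool"}

if __name__ == "__main__":
    for h in ("video.example.cn", "notexample.cn"):
        print(h, choose_pool(sni_from_extension(build_extension(h)), ROUTES, "DefaultPool"))
```

A client that sends no SNI yields `None` here and falls through to the default pool, a case the `binary scan` line does not handle on its own.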