F5-Geek
Sep 18, 2018Nimbostratus
Irule help
To create a irule to create a client ssl profile and server ssl profile on Virtual server using SNI
with a wildcard certificate with SAN.
This virtual server would used for different environmet ...
Hi,
This code won’t work
set hostname HTTP::header replace Host "[class match -value [SSL:extension sni name ] equals "hostgroup"]"
May be this one
set hostname [HTTP::header replace Host "[class match -value [SSL:extension sni name ] equals "hostgroup"]" ]
I’m not sure [SSL:extension sni name ] works in HTTP_REQUEST event. You may catch it in CLIENTSSL_CLIENTHELLO, and change the host header in HTTP_REQUEST
when CLIENTSSL_CLIENTHELLO {
set hostname [class match -value [SSL:extension sni name ] equals "hostgroup"]
}
when HTTP_REQUEST {
HTTP::header replace Host $hostname
}
when SERVERSSL_CLIENTHELLO_SEND {
set bin [binary format S1S1S1S1ca* 0 [expr [string length $hostname] + 5] [expr [string length $hostname] + 3] 0 [string length $hostname] $hostname]
SSL::extensions insert $bin
}