Forum Discussion

Aug 22, 2024

iRule to extract SNI and forward to Virtual Server

Hey guys, Currently I use traffic policies on a frontside VS to inspect the SNI and forward the traffic to a backside VS properly. I tried to use an iRule instead because sometimes traffic policies ...
    DanSkow
    Aug 27, 2024

    This looks great, Lucas. Line 6 is missing the close quote. To make it map FQDNs to virtuals, I assume it would look like this:

    when CLIENTSSL_CLIENTHELLO priority 100 {
        if {[SSL::extensions exists -type 0]} {
            # server_name extension layout: 2-byte type, 2-byte length, 2-byte list length,
            # 1-byte name type, 2-byte name length; the host name itself starts at offset 9.
            binary scan [SSL::extensions -type 0] @9a* SNI
            if {[regexp {(?i)[^a-z0-9.-]} $SNI]} {
                log local0. "CLIENTSSL_CLIENTHELLO client offered bogus SNI: $SNI"
            } elseif {[info exists SNI] && ($SNI equals "fqdn-a.com")} {
                virtual a
                #log local0. "CLIENTSSL_CLIENTHELLO client offered this SNI: [string tolower $SNI]"
            } elseif {[info exists SNI] && ($SNI equals "fqdn-b.com")} {
                virtual b
                #log local0. "CLIENTSSL_CLIENTHELLO client offered this SNI: [string tolower $SNI]"
            }
        }
    }
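The iRule above relies on a fixed offset of 9 bytes into the server_name extension to reach the host name. The following Python is an added example, not code from the thread or from F5, that builds a server_name extension as defined in RFC 6066 and parses it field by field, so the origin of that offset (2-byte type, 2-byte length, 2-byte list length, 1-byte name type, 2-byte name length) is visible, and then applies the same character-set check and FQDN-to-virtual mapping as the iRule. It assumes, as the `@9a*` offset in the post implies, that the blob starts with the 2-byte extension type. The sample host names and the virtual names `a` and `b` are taken from the post; the lookup lowercases the name before matching, which the case-sensitive `equals` in the iRule does not.

```python
import re
import struct

# Constructed sample data: build a server_name extension (RFC 6066, extension type 0)
# exactly as it appears inside a ClientHello, including the 2-byte type and 2-byte
# length header that precede the extension body.
def build_sni_extension(hostname: str) -> bytes:
    name = hostname.encode("ascii")
    # ServerName: name_type (0 = host_name), 2-byte length, then the name bytes
    server_name = struct.pack("!BH", 0, len(name)) + name
    # ServerNameList: 2-byte list length followed by the ServerName entries
    server_name_list = struct.pack("!H", len(server_name)) + server_name
    # Extension: 2-byte type (0) and 2-byte body length
    return struct.pack("!HH", 0, len(server_name_list)) + server_name_list


def parse_sni(extension: bytes) -> str:
    """Return the host_name carried in a server_name extension, validating every length.

    Offsets: 0-1 type, 2-3 extension length, 4-5 list length, 6 name type,
    7-8 name length, 9.. host name. That is why the iRule uses '@9a*'.
    """
    if len(extension) < 9:
        raise ValueError("extension too short to hold a server_name entry")
    ext_type, ext_len = struct.unpack_from("!HH", extension, 0)
    if ext_type != 0:
        raise ValueError(f"extension type {ext_type} is not server_name (0)")
    if ext_len != len(extension) - 4:
        raise ValueError("extension length does not match the data")
    (list_len,) = struct.unpack_from("!H", extension, 4)
    if list_len != ext_len - 2:
        raise ValueError("server_name_list length does not match the data")
    name_type, name_len = struct.unpack_from("!BH", extension, 6)
    if name_type != 0:
        raise ValueError(f"unsupported name type {name_type}")
    name = extension[9:9 + name_len]
    if len(name) != name_len:
        raise ValueError("host_name is truncated")
    return name.decode("ascii")


# Same character class the iRule's regexp rejects: anything outside letters, digits, '.', '-'
BOGUS_SNI = re.compile(r"[^a-z0-9.-]", re.IGNORECASE)

# FQDN to virtual-server mapping taken from the post (virtual names are hypothetical)
VIRTUALS = {"fqdn-a.com": "a", "fqdn-b.com": "b"}


def route(extension: bytes) -> tuple:
    """Mirror the iRule's decision: log bogus names, otherwise map the FQDN to a virtual."""
    sni = parse_sni(extension)
    if BOGUS_SNI.search(sni):
        return ("log", f"client offered bogus SNI: {sni}")
    target = VIRTUALS.get(sni.lower())
    if target is None:
        # No branch in the iRule matches; traffic stays on the front-side virtual
        return ("default", sni)
    return ("virtual", target)


if __name__ == "__main__":
    ext = build_sni_extension("fqdn-a.com")
    print(ext.hex())
    print("fixed-offset slice (@9a*):", ext[9:])
    print("parsed:", parse_sni(ext), "->", route(ext))
```

Running the script prints the extension bytes, shows that `extension[9:]` (the fixed-offset read the iRule performs) yields the same host name as the length-checked parser for a single-name list, and prints the routing decision.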