SNI and AFLEX

Product Discussions aFleX
, ,
1

Hi all,
I have a problem with aflex configured on a VIP with a SNI template applied. On the VIP I have exposed application for domain1 (the default certificate in the SSL template) and 2 services for domain2. SNI template i sworking fine but now I need to add on the VIP an aflex like this:

#Rewrite if {[HTTP::host] matches “<host.domain2>”} { if {([HTTP::uri] starts_with “/newsletters”) } { pool sg_pool2 } }

The problem is that when I recall host.domain2 the aflex is never matched so I cannot pool on the correct service group when /newsletters is inside URI. If I remove SNI template the aflex is correctly matched, is there a way to do that with SNI?

Thanks in advance

Luca

2

Hi Luca,

It sounds to me like a score issue. I suggest you to file a support ticket in order to identify and fix it.

Kind Regards,

Manuel

3

Hi Manuel,
thank you I solved. It wasn’t a problem related to the SNI itself but an incorrect aflex applied to the VIP.

Luca

4

Well. good stuff!
Shall I propose you to post the solution aFlex here, so we can leverage also on what you learnt ?
Cheers,

Manuel

5

Sure, the problem was that I needed to balance on different SG based on the URI called on a single host. On the same VIP was applied SNI but the SG wasn’t correctly choosed. I thought the issue was related to the SNI instead it was on the aflex that choose SG, Underneath the correct one:

if \{[HTTP::host] matches\_regex "(site1|site2)\\.example.com"\} \{
set lbpool "sg\_gen\_1"
if \{([HTTP::uri] equals "/")\} \{
    HTTP::redirect https://[HTTP::host]/test1
  \} 
 
  if \{([HTTP::uri] starts\_with "/newsletters") or ([HTTP::uri] starts\_with "/datasheet")\} \{
    set lbpool "sg\_gen\_2"
  \}

pool $lbpool
}