My frontend is in TCP mode and I use the following acl rule to extract the sni.
tcp-request inspect-delay 5s
tcp-request content accept if { req_ssl_hello_type 1 }
acl is_my_domain req.ssl_sni -i www.domain.com
How can log the sni in access logs? I’ve already tried
log-format "%[var(req.ssl_sni)]"
And it seems to only write “-” in the log. I’ve confirmed that I’m doing a HTTPS request with SNI.
NOTE:- I use this rule to change the backend based on SNI and that’s working which confirms that the tcp buffer matching rule and ACL rules are written correctly.
1 post - 1 participant