Forget about it, I found it in the git:
this is a brilliant news :)
req_ssl_sni <string>
Returns true when data in the request buffer looks like a complete SSL (v3
or superior) client hello message with a Server Name Indication TLS extension
(SNI) matching <string>. SNI normally contains the name of the host the
client tries to connect to (for recent browsers). SNI is useful for allowing
or denying access to certain hosts when SSL/TLS is used by the client. This
test was designed to be used with TCP request content inspection. If content
switching is needed, it is recommended to first wait for a complete client
hello (type 1), like in the example below.
Examples :
# Wait for a client hello for at most 5 seconds
tcp-request inspect-delay 5s
tcp-request content accept if { req_ssl_hello_type 1 }
use_backend bk_allow if { req_ssl_sni -f allowed_sites }
default_backend bk_sorry_page
On Thu, Mar 29, 2012 at 7:48 PM, Baptiste <[email protected]> wrote:
> Hey Willy,
>
> I read sooner in January you mentioned that HAProxy is now able to
> handle SNI, but I can't find anywhere in the documentation how I can
> do it.
> (and ebr spoke about it in the office as well).
> Can you point me to the right section in the documentation please?
>
> Cheers
