Forget about it, I found it in the git: this is a brilliant news :)
req_ssl_sni <string> Returns true when data in the request buffer looks like a complete SSL (v3 or superior) client hello message with a Server Name Indication TLS extension (SNI) matching <string>. SNI normally contains the name of the host the client tries to connect to (for recent browsers). SNI is useful for allowing or denying access to certain hosts when SSL/TLS is used by the client. This test was designed to be used with TCP request content inspection. If content switching is needed, it is recommended to first wait for a complete client hello (type 1), like in the example below. Examples : # Wait for a client hello for at most 5 seconds tcp-request inspect-delay 5s tcp-request content accept if { req_ssl_hello_type 1 } use_backend bk_allow if { req_ssl_sni -f allowed_sites } default_backend bk_sorry_page On Thu, Mar 29, 2012 at 7:48 PM, Baptiste <bed...@gmail.com> wrote: > Hey Willy, > > I read sooner in January you mentioned that HAProxy is now able to > handle SNI, but I can't find anywhere in the documentation how I can > do it. > (and ebr spoke about it in the office as well). > Can you point me to the right section in the documentation please? > > Cheers