Hi list, I've been across several articles about new rules in domain fronting from AWS and Google.
Currently, I'm aware of 3 ways to get the destination host : %[ssl_fc_sni,lower] # Layer 5 %[req.ssl_sni,lower] # Layer 6 %[req.hdr(host),lower] # Layer 7 Is there a simple way to limit TLS domain fronting by forcing SNI and Host header to be the same ? Maybe add an optional parameter like "strict_sni_host" ? Regards, Mildis
