Re: (possibly off topic) how to handle Chrome on SSL mass hosting ?

Mon, 30 Nov 2020 11:37:37 -0800 

Ilya,

Am 30.11.20 um 20:21 schrieb Илья Шипицин:
> I guess here are people running similar high density SSL hosting, do you
> have some approaches to please Chrome ? I would be happy if I can tell him
> to open separate connections for the domains that I wish.
> 

Use HTTP 421 Misdirected Request:

>       http-request   set-var(txn.host)    hdr(host)
>       http-request   deny deny_status 400 unless { req.hdr_cnt(host) eq 1 }
>       http-request   deny deny_status 421 unless { 
> ssl_fc_sni,strcmp(txn.host) eq 0 }

Or just use a dedicated certificate or IPv6 address per customer.

Best regards
Tim Düsterhus

Reply via email to