Tue, 1 Dec 2020 at 00:37, Tim Düsterhus <[email protected]>:
> Ilya,
>
> On 30.11.20 at 20:21, Илья Шипицин wrote:
> > I guess here are people running similar high density SSL hosting, do you
> > have some approaches to please Chrome? I would be happy if I can tell him
> > to open separate connections for the domains that I wish.
> >
>
> Use HTTP 421 Misdirected Request:
>
> > http-request set-var(txn.host) hdr(host)
> > http-request deny deny_status 400 unless { req.hdr_cnt(host) eq 1 }
> > http-request deny deny_status 421 unless { ssl_fc_sni,strcmp(txn.host) eq 0 }
>
The above approach works for Chrome (and does not work for Safari).
Unfortunately we found Safari is using connection reuse just like Chrome,
and Safari does not handle 421 properly.
Looks like "something on Safari side".
>
> Or just use a dedicated certificate or IPv6 address per customer.
>
> Best regards
> Tim Düsterhus
>