Hello pound mailing list,
Quick question to which I can't seem to find an answer on the mailing list.
In my pound config, I have multiple SSL certificates defined in a
ListenHTTPS block making use of SNI support. Next to that there is also
a ListenHTTP block for non-SSL traffic - both listening on the same IP.
The problem I face is that https requests for a domain for which there
is no certificate are still getting served by pound - it defaults to the
first certificate defined.
For me, this is undesirable for multiple reasons:
- The wrong common-name is shown in the browser
- Google might now try to crawl and index https:// URLs for domains for
which I don't offer https
- The website itself is not shown properly (css, images, js not loaded)
because of insecure content warnings
My question is, is there a way to configure pound so that it rejects or
redirects these SSL requests for non-matching hostnames? Or is the only
viable solution to run pound on two separate IPs, having SSL domains
pointing at one and non-SSL domains pointing at the other?
Thanks in advance,
Filidor Wiese