First off, I need to call this out to point you to folks who have walked
this path before; https://bz.apache.org/bugzilla/show_bug.cgi?id=56241
That said, our "radically pedantic" switch with HttpProtocolOptions Strict
inflicts such changes on users. Some will be unhappy, but if they serve
the
> Am 24.05.2018 um 14:22 schrieb Yann Ylavic :
>
> On Thu, May 24, 2018 at 2:09 PM, Eric Covener wrote:
>>
>> Thinking about base server and how scanners report it the "vulnerability"...
>>
>> AllowUnmatchedHost[name]?
>> RejectUnknownHost[name]?
>
>
On Thu, May 24, 2018 at 2:09 PM, Eric Covener wrote:
>
> Thinking about base server and how scanners report it the "vulnerability"...
>
> AllowUnmatchedHost[name]?
> RejectUnknownHost[name]?
The one or the other is probably a better name than UseDefaultVHost,
it allows to
On Thu, May 24, 2018 at 2:08 PM, Stefan Eissing
wrote:
>
>
>> Am 24.05.2018 um 14:07 schrieb Yann Ylavic :
>>
>> On Thu, May 24, 2018 at 1:57 PM, Stefan Eissing
>> wrote:
>>>
Am 24.05.2018 um 13:51 schrieb
On Thu, May 24, 2018 at 7:51 AM, Yann Ylavic wrote:
> On Thu, May 24, 2018 at 1:44 PM, Eric Covener wrote:
>> On Thu, May 24, 2018 at 7:34 AM, Stefan Eissing
>> wrote:
>>>
>>>
Am 24.05.2018 um 13:28 schrieb Eric Covener
> Am 24.05.2018 um 14:07 schrieb Yann Ylavic :
>
> On Thu, May 24, 2018 at 1:57 PM, Stefan Eissing
> wrote:
>>
>>> Am 24.05.2018 um 13:51 schrieb Yann Ylavic :
>>>
>>> That'd work (and looks better than Stefan's SNI
On Thu, May 24, 2018 at 1:57 PM, Stefan Eissing
wrote:
>
>> Am 24.05.2018 um 13:51 schrieb Yann Ylavic :
>>
>> That'd work (and looks better than Stefan's SNI oriented proposal),
>> but I wish we had something working for non-SSL vhosts too,
>>
> Am 24.05.2018 um 13:51 schrieb Yann Ylavic :
>
> On Thu, May 24, 2018 at 1:44 PM, Eric Covener wrote:
>> On Thu, May 24, 2018 at 7:34 AM, Stefan Eissing
>> wrote:
>>>
>>>
Am 24.05.2018 um 13:28 schrieb Eric
Personally, I am looking for an option where I do not have to keep "old" vhosts
around.
Also, I would like to avoid that someone points "beastlovers.net" to my ip
address and
people get the greenbytes.de homepage when follwing some spam/phishing mails
(this is
a theoretical thread model, rest
> Am 24.05.2018 um 13:43 schrieb Stefan Priebe - Profihost AG
> :
>
> Hi Stefan,
>
> as i've tried todo nearly the same some weeks ago i can tell you what i did.
:-) In the era of DGSVO, some sites simply wish to disappear silently...
> Comment inline.
>
> Am
On Thu, May 24, 2018 at 1:44 PM, Eric Covener wrote:
> On Thu, May 24, 2018 at 7:34 AM, Stefan Eissing
> wrote:
>>
>>
>>> Am 24.05.2018 um 13:28 schrieb Eric Covener :
>>>
>>> On Thu, May 24, 2018 at 7:23 AM, Stefan Eissing
>>>
> On 24 May 2018, at 12:44, Eric Covener wrote:
>
> On Thu, May 24, 2018 at 7:34 AM, Stefan Eissing
> wrote:
>>
>>
>>> Am 24.05.2018 um 13:28 schrieb Eric Covener :
>>>
>>> On Thu, May 24, 2018 at 7:23 AM, Stefan Eissing
On Thu, May 24, 2018 at 7:34 AM, Stefan Eissing
wrote:
>
>
>> Am 24.05.2018 um 13:28 schrieb Eric Covener :
>>
>> On Thu, May 24, 2018 at 7:23 AM, Stefan Eissing
>> wrote:
>>> Do we have a configuration option to
Hi Stefan,
as i've tried todo nearly the same some weeks ago i can tell you what i did.
Comment inline.
Am 24.05.2018 um 13:34 schrieb Stefan Eissing:
> So, we are lacking an option here to abort SSL connections without a vhost
> match, it seems. Something like
>
> SSLStrictSNIVHostCheck
> Am 24.05.2018 um 13:28 schrieb Eric Covener :
>
> On Thu, May 24, 2018 at 7:23 AM, Stefan Eissing
> wrote:
>> Do we have a configuration option to allow https://hostname/ only to
>> matching vhosts without any default fallback?
>>
>>
On Thu, May 24, 2018 at 7:23 AM, Stefan Eissing
wrote:
> Do we have a configuration option to allow https://hostname/ only to matching
> vhosts without any default fallback?
>
> Scenario:
> - a site with vhost A and B
> - vhost B is taken out, DNS still points there
Do we have a configuration option to allow https://hostname/ only to matching
vhosts without any default fallback?
Scenario:
- a site with vhost A and B
- vhost B is taken out, DNS still points there (for a while)
- browsers opening https://B/ will get the certificate of A and complain
I do
17 matches
Mail list logo