Depending on you exact set-up of certificates you might or might not
break legitimate requests when preventing domain fronting.
Hi Mildis (and this time the list too),
> Is there a simple way to limit TLS domain fronting by forcing SNI and Host
> header to be the same ?
> Maybe add an optional parameter like "strict_sni_host" ?
You can do a little trick here to enforce this wit
I've been across several articles about new rules in domain fronting from AWS
Currently, I'm aware of 3 ways to get the destination host :
%[ssl_fc_sni,lower] # Layer 5
%[req.ssl_sni,lower] # Layer 6
%[req.hdr(host),lower] # Layer 7
Is there a simple way to limit TLS
Mail list logo