ils in the thread also.
Depending on you exact set-up of certificates you might or might not
break legitimate requests when preventing domain fronting.
Best regards
Tim Düsterhus
Hi Mildis (and this time the list too),
Mildis wrote:
> Is there a simple way to limit TLS domain fronting by forcing SNI and Host
> header to be the same ?
> Maybe add an optional parameter like "strict_sni_host" ?
You can do a little trick here to enforce this withou
Hi list,
I've been across several articles about new rules in domain fronting from AWS
and Google.
Currently, I'm aware of 3 ways to get the destination host :
%[ssl_fc_sni,lower] # Layer 5
%[req.ssl_sni,lower] # Layer 6
%[req.hdr(host),lower] # Layer 7
Is there a simple way to
3 matches
Mail list logo