On 22/7/25 14:23, Frédéric Goudal wrote:
I have had the same problem with the last version of apache on ubuntu.
My configuration was a front reverse proxy nginx on an host and the apache
server on another one.
So in the proxy I redirected the trafic to the apache server with
https://server.network
But on the apache server I had a virtual host named service.network
So.. when the SSL connexion is established, the SNI is sent in the SSL
negoctiation with the nams server.network, but the apache server is waiting for
service.netwok as it is the virtual hostname.
Si it sends the error :
Misdirected Request
The client needs a new connection for this request as the requested host name does
not match the Server Name Indication (SNI) in use for this connection."
Clearly this is a new behavior and it is very problematic when you do virtual
hosting.
I could correct the problem by editing the nginx configuration : I add the two
following lines :
proxy_ssl_server_name on;
proxy_ssl_name $host;
which means that during SSL negotiation it the $host name (so service.network)
that is sent. And apache is happy.
I don’t know how to correct the problem on your situation.
I have read that this behavior has been corrected in the 2.4.62 version (but I
have not tested it).
f.g.
Where is the problem exactly?
If DNS is server.network but virtualhost is service.network there is clearly a
name mismatch there.
Apache httpd always replies with first virtualhost of there are no matches in
the virtualhost list, so the error is correctly placed and there is nothing new
there.
---
Daniel
Help at #httpd in Libera.chat
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
