sni hostname and request Host header mismatch
francis at daoine.org
Thu Oct 11 07:07:47 UTC 2018
On Wed, Oct 10, 2018 at 05:11:40PM -0700, Frank Liu wrote:
> http://hg.nginx.org/nginx/rev/4fbef397c753 indicates the check is only done
> for the 2-way SSL virtual host.
> Has everything been added (maybe through a directive) for 1-way SSL since
$ssl_server_name is the name from SNI.
$http_host is the Host: header.
$host is the host from the request (which usually should be absent),
or the host from the Host: header (which usually should be present),
or the (first) server_name of the matched server.
I think that there is not an extra directive; but you can manipulate
and compare those variables as is appropriate for your situation.
Specifically: in an SNI-only server, if $host is not the same as
$ssl_server_name, something funny is going on.
Francis Daly francis at daoine.org
More information about the nginx