Re: apache/mod_ssl block IP connection attempt?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Mon, Mar 3, 2025 at 10:20 PM Schuler, Laurence wrote:
>
> It appears that the HelloClient message has the target hostname within it, so mod_ssl should be able to say "ok, this hostname is *not* in my server cert(s), I'm not going to talk to this guy. reject.

Setting "SSLStrictSNIVHostCheck on" in global configuration would
block connections to non-declared hosts (i.e. not configured in any
ServerName/ServerAlias).
(see https://httpd.apache.org/docs/2.4/mod/mod_ssl.html#sslstrictsnivhostcheck)

Regards;
Yann.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]
  Powered by Linux