Note: the above solution only works with certain browsers, those which send the FQDN in the Client Hello. Works: Firefox & Chrome. Does not work: Internet Explorer & openssl s_client. This solution is still satisfactory for my purposes.
by TheConsumer - How to...

For anyone who is interested, I achieved this with iptables and a forced RST when the wrong subdomain is specified:

    iptables -A INPUT -i eth0 -p tcp --tcp-flags FIN,PSH,ACK PSH,ACK --dport -m connbytes --connbytes 3:3 --connbytes-dir original --connbytes-mode packets -m string --algo bm ! --string "" -j REJECT --reject-with tcp-reset
    iptables -A INPUT -i eth0 -p tcp --dport -j AC
by TheConsumer - How to...
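The two posts above rely on the fact that the server name (SNI) travels in cleartext inside the TLS ClientHello, which is the first payload packet the client sends after the handshake, so a filter can decide to send a TCP RST before any certificate is exchanged. The iptables rule does this with a raw substring match on that packet. The following Python script is an added example (not the poster's code and not part of the original thread) that constructs a minimal ClientHello, parses the SNI extension out of it properly instead of by substring, and applies the same allow-only-this-host policy. The allowlist `desired.hostname.com` is taken from the thread; the helper names and the test ClientHello bytes are constructed here. A client that sends no SNI at all gets the same answer as a wrong hostname, which is the behaviour the caveat about Internet Explorer and openssl s_client describes: there is no name in the packet to match.

```python
import struct

# Assumed allowlist: the only hostname the SSL front end should serve (from the thread).
ALLOWED_HOSTS = {"desired.hostname.com"}


def build_client_hello(server_name=None):
    """Construct a minimal TLS 1.2 ClientHello record (constructed test input, not a capture).

    Passing server_name=None produces a hello without the SNI extension, like a client
    that does not send one.
    """
    client_random = b"\x11" * 32
    session_id = b""
    cipher_suites = b"\xc0\x2f\xc0\x30\x00\x9c"  # three arbitrary suites
    compression = b"\x00"                         # null compression only
    extensions = b""
    if server_name is not None:
        name = server_name.encode("ascii")
        entry = b"\x00" + struct.pack("!H", len(name)) + name   # name_type 0 = host_name
        sni_list = struct.pack("!H", len(entry)) + entry
        extensions += struct.pack("!HH", 0x0000, len(sni_list)) + sni_list  # ext type 0 = server_name
    body = b"\x03\x03" + client_random
    body += struct.pack("!B", len(session_id)) + session_id
    body += struct.pack("!H", len(cipher_suites)) + cipher_suites
    body += struct.pack("!B", len(compression)) + compression
    if extensions:
        body += struct.pack("!H", len(extensions)) + extensions
    handshake = b"\x01" + struct.pack("!I", len(body))[1:] + body  # type 1 = ClientHello, 3-byte length
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake  # record type 22 = handshake


def extract_sni(record):
    """Return the host_name carried in the SNI extension of a ClientHello, or None if absent."""
    if len(record) < 5 or record[0] != 0x16:
        return None
    rec_len = struct.unpack("!H", record[3:5])[0]
    hs = record[5:5 + rec_len]
    if len(hs) < 4 or hs[0] != 0x01:
        return None
    body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
    pos = 2 + 32                       # skip client_version and random
    if len(body) < pos + 1:
        return None
    pos += 1 + body[pos]               # session_id
    if len(body) < pos + 2:
        return None
    pos += 2 + struct.unpack("!H", body[pos:pos + 2])[0]   # cipher_suites
    if len(body) < pos + 1:
        return None
    pos += 1 + body[pos]               # compression_methods
    if len(body) < pos + 2:
        return None                    # no extensions block: nothing to match on
    ext_len = struct.unpack("!H", body[pos:pos + 2])[0]
    pos += 2
    end = pos + ext_len
    while pos + 4 <= end and end <= len(body):
        etype, elen = struct.unpack("!HH", body[pos:pos + 4])
        pos += 4
        edata = body[pos:pos + elen]
        pos += elen
        if etype == 0x0000 and len(edata) >= 5:
            # ServerNameList: 2-byte list length, then (name_type, 2-byte length, name) entries
            p = 2
            while p + 3 <= len(edata):
                ntype = edata[p]
                nlen = struct.unpack("!H", edata[p + 1:p + 3])[0]
                p += 3
                if ntype == 0 and p + nlen <= len(edata):
                    return edata[p:p + nlen].decode("ascii", errors="replace")
                p += nlen
    return None


def should_reset(record, allowed=ALLOWED_HOSTS):
    """True if the connection should be RST'd before the server sends its certificate.

    Mirrors the '! --string <host>' rule: anything that is not exactly an allowed
    hostname, including a hello with no SNI, is rejected.
    """
    return extract_sni(record) not in allowed


if __name__ == "__main__":
    for name in ("desired.hostname.com", "other.hostname.com", None):
        hello = build_client_hello(name)
        print(name, "->", "RST" if should_reset(hello) else "ACCEPT")
```

The parser walks the ClientHello structure rather than scanning for a substring, so a hostname that merely contains the allowed name (for example `desired.hostname.com.attacker.example`) is still rejected, which a bare `--string` match would let through.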
Anyone at all?
by TheConsumer - How to...

...Anyone?
by TheConsumer - How to...

What I would like to achieve: Access to ONLY servers defined, all others receive a 444. What I am getting instead: Desired behavior with port 80 traffic, port 443, not so much. Is it possible, upon the socket being established, to return a RST _before_ the cert exchange? Perhaps upon the Client Hello? I've tried to achieve this with IPTables and string matches, but not all browser
by TheConsumer - How to...

Hello, my apologies if this topic has already been covered. I have searched the forum (as well as Google) and was unable to find a relevant post/thread. I have Nginx front-ending several Apache virtual hosts on port 80. I have a python web server behind the Nginx proxy listening on port 1213. I only want Nginx front-ending SSL for the Python app via desired.hostname.com. If I attempt to acc
by TheConsumer - How to...