Hi
I want to make sure that the SNI hostname and the hostname provided in
the 'Host' header of HTTP match, in order to avoid virtual host
confusion within my backends.
Is it possible to create such an ACL? I already tried someone like this:
http-request set-var(txn.rheader) hdr(host)
acl matching var(txn.rheader) -i %[ssl_fc_sni]
But it seems that '%[ssl_fc_sni]' is interpreted as a literal string
here, instead of the provided SNI value.
I basically want an ACL that matches if 'hdr(host) == ssl_fc_sni' to use
programming language terminology.
Best regards
Tim Düsterhus
I want to make sure that the SNI hostname and the hostname provided in
the 'Host' header of HTTP match, in order to avoid virtual host
confusion within my backends.
Is it possible to create such an ACL? I already tried someone like this:
http-request set-var(txn.rheader) hdr(host)
acl matching var(txn.rheader) -i %[ssl_fc_sni]
But it seems that '%[ssl_fc_sni]' is interpreted as a literal string
here, instead of the provided SNI value.
I basically want an ACL that matches if 'hdr(host) == ssl_fc_sni' to use
programming language terminology.
Best regards
Tim Düsterhus