mirror of
				https://github.com/therootcompany/greenlock.js.git
				synced 2024-11-16 17:29:00 +00:00 
			
		
		
		
	better error message for domain fronting
		
							parent
							
								
									781a735146
								
							
						
					
					
						commit
						e71298c305
					
				
							
								
								
									
										9
									
								
								index.js
									
									
									
									
									
								
							
							
						
						
									
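--- a/index.js
+++ b/index.js
@@ -521,8 +521,13 @@ Greenlock.create = function (gl) {
         if (req.socket && 'string' === typeof req.socket.servername) {
           if (safehost && (safehost !== req.socket.servername.toLowerCase())) {
             res.statusCode = 400;
-            res.end("Don't be frontin', yo!"
-              + " TLS SNI '" + req.socket.servername.toLowerCase() + "' does not match 'Host: " + safehost + "'");
+            res.setHeader('Content-Type', 'text/html; charset=utf-8');
+            res.end(
+                "<h1>Domain Fronting Error</h1>"
+              + "<p>This connection was secured using TLS/SSL for '" + req.socket.servername.toLowerCase() + "'</p>"
+              + "<p>The HTTP request specified 'Host: " + safehost + "', which is (obviously) different.</p>"
+              + "<p>Because this looks like a domain fronting attack, the connection has been terminated.</p>"
+            );
             return;
           }
         } else if (safehost && !gl.middleware.sanitizeHost._skip_fronting_check) {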
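Review bot: The `res.end(` body is now served as `text/html` with `req.socket.servername.toLowerCase()` and `safehost` concatenated in unescaped. Both values originate from the client (the TLS SNI name and the `Host` header), so this 400 page reflects request data into markup. How strictly `safehost` is filtered is decided outside this hunk, and the SNI value is not filtered here at all, so I would entity-encode `&`, `<`, `>`, `"` and `'` in both values before concatenating, or keep the body as `text/plain`. Adding `res.setHeader('X-Content-Type-Options', 'nosniff');` next to the Content-Type line is cheap hardening either way. The enclosing function starts and ends outside the hunk.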