I have a on_demand tls setup and its working wonderful. However I am looking how to setup a redirect or custom error page in case the on_demand tls is denied… ie. the request for the domain name is denied.
2.4.6
It’s impossible to write an HTTP response on a TLS handshake error. The client doesn’t trust the connection because the server doesn’t have a trusted certificate to encrypt the connection.
yes of course you’re right.
I guest i should just allow all domains and then make decision where to route them.
That’s a very bad idea. You’d open yourself up to denial of service attacks by someone who points their own wildcard subdomain to your server’s IP and makes infinite requests each with a different domain; it would force your server to try to issue a cert for each of those domains, until you hit rate limits or run out of disk space.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.