[sslh] SSL host headers is this possible?

Yves Rutschle yves at naryves.com
Tue Oct 30 08:33:18 CET 2012


On Mon, Oct 29, 2012 at 10:29:53AM +0000, Ercolino de spiacico wrote:
> I'm trying to figure out if sslh can do forwarding of https sites based on hostnames.
> What I would like to do is:
> One single WAN 443 port on the router forwarding to 3 different LAN IP based on host
> headers.

If you're talking about the HTTP hostname, found e.g. in the
"GET" or "POST" command, then it's not possible as that
command is ciphered and can only be deciphered after
associating it with a hostname... Can't be done, by sslh or
by Apache in fact.

Which is why TLS was extended with Server Name
Identification (RFC6066, 3. SNI). It involves browser
support, and might work with sslh by using the regular
expression probe to find the ServerName record.

An alternative is to put stunnel as a front to decipher
SSL, then sslh with regex probes on the HTTP command to
dispatch the connection. Which is an interesting,
un-intended use of sslh :) .

Y.
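
Added example, not part of the original message and not sslh code: the server name in a TLS ClientHello is sent in clear text, so a front end can read it and pick a backend without deciphering anything. The host names, backend addresses and function names below are assumptions for illustration, and the ClientHello is constructed, not captured.

```python
import struct
# Hypothetical routing table (assumption): SNI host name -> LAN backend.
BACKENDS = {"a.example.org": ("192.168.1.10", 443),
            "b.example.org": ("192.168.1.11", 443)}
DEFAULT = ("192.168.1.12", 443)

def take(buf, pos, n):  # bounds-checked read: length fields are untrusted
    if pos + n > len(buf):
        raise ValueError("truncated")
    return buf[pos:pos + n], pos + n

def extract_sni(data):
    """Return the host name from a ClientHello's server_name extension, or None."""
    try:
        hdr, pos = take(data, 0, 5)                      # TLS record header
        rec, _ = take(data, pos, int.from_bytes(hdr[3:5], "big"))
        if hdr[0] != 0x16 or len(rec) < 4 or rec[0] != 0x01:
            return None                                  # not a ClientHello
        body, _ = take(rec, 4, int.from_bytes(rec[1:4], "big"))
        pos = 2 + 32                                     # client_version + random
        for width in (1, 2, 1):      # session_id, cipher_suites, compression
            length, pos = take(body, pos, width)
            _, pos = take(body, pos, int.from_bytes(length, "big"))
        ext_len, pos = take(body, pos, 2)
        exts, _ = take(body, pos, int.from_bytes(ext_len, "big"))
        pos = 0
        while pos < len(exts):
            head, pos = take(exts, pos, 4)
            etype, elen = struct.unpack("!HH", head)
            edata, pos = take(exts, pos, elen)
            # type 0 = server_name; name_type 0 = host_name at offset 2
            if etype == 0 and len(edata) >= 5 and edata[2] == 0:
                name, _ = take(edata, 5, int.from_bytes(edata[3:5], "big"))
                return name.decode("ascii").lower()
    except (ValueError, UnicodeDecodeError):
        pass                                             # truncated or malformed
    return None

def route(first_bytes):
    """Pick a backend from the clear-text SNI; unknown or absent names get DEFAULT."""
    return BACKENDS.get(extract_sni(first_bytes), DEFAULT)

def sample_client_hello(host):
    """Constructed minimal ClientHello for the demo, not a capture."""
    name = host.encode()
    sni = struct.pack("!HBH", len(name) + 3, 0, len(name)) + name
    exts = struct.pack("!HHH", len(sni) + 4, 0, len(sni)) + sni
    body = b"\x03\x03" + bytes(32) + b"\x00\x00\x02\x00\x2f\x01\x00" + exts
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs
```

A ClientHello that does not arrive whole in the bytes inspected yields None and falls through to the default backend, as does a client that sends no server_name extension.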


