by coderobe
2417 days ago
>As long as the origin has SSL, the communication is secure end-to-end.

It cannot be secure end-to-end, as your edge location is quite literally performing a MITM.

That aside: How are you validating the TLS cert that the origin presents? Going by the info on your website, the possibilities are as follows:

Scenario 1: The SAAS provider presents a TLS cert not valid for customer-domain.com when accessed as customer-domain.com

Scenario 2: The SAAS provider presents a TLS cert valid for customer.saasprovider.com when accessed as customer.saasprovider.com

Assuming scenario 1, you would need to validate the certificate out-of-band as the traditional trust chain does not validate for the given domain.
Assuming scenario 2, you would need to rewrite the URLs from customer.saasprovider.com to customer-domain.com to prevent the users from following generated resource URLs to the origin domain.
Or am I missing something?
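
Added example, not part of the comment above and not the provider's code: a sketch of the scenario 2 rewrite, where an edge proxy replaces the origin hostname in response headers and text bodies so generated URLs do not lead users to the origin domain. The two hostnames come from the comment; the function names, header list, sample response and the assumption of an uncompressed UTF-8 body are constructed for illustration.

```python
import re

# Hostnames taken from the comment; everything else here is constructed.
ORIGIN_HOST = "customer.saasprovider.com"
PUBLIC_HOST = "customer-domain.com"

# Match the origin host only as a whole hostname: not as the tail of a longer
# name (x.customer.saasprovider.com) and not as the head of one
# (customer.saasprovider.com.other.example).
_HOST_RE = re.compile(
    r"(?<![A-Za-z0-9.-])" + re.escape(ORIGIN_HOST)
    + r"(?![A-Za-z0-9-]|\.[A-Za-z0-9])",
    re.IGNORECASE,
)

REWRITE_HEADERS = {"location", "content-location", "link", "set-cookie"}
TEXT_TYPES = ("text/html", "text/css", "application/javascript", "application/json")


def rewrite_host(text):
    """Replace whole-hostname occurrences of the origin with the public host."""
    return _HOST_RE.sub(PUBLIC_HOST, text)


def rewrite_response(headers, body):
    """headers: list of (name, value); body: uncompressed bytes. Returns copies."""
    ctype = next((v for n, v in headers if n.lower() == "content-type"), "")
    if ctype.split(";")[0].strip().lower() in TEXT_TYPES:
        # surrogateescape round-trips any bytes that are not valid UTF-8.
        text = body.decode("utf-8", "surrogateescape")
        body = rewrite_host(text).encode("utf-8", "surrogateescape")
    out = []
    for name, value in headers:
        lname = name.lower()
        if lname in REWRITE_HEADERS:
            value = rewrite_host(value)
        elif lname == "content-length":
            value = str(len(body))  # body length changes after rewriting
        out.append((name, value))
    return out, body


# Constructed sample response from the origin.
SAMPLE_HEADERS = [
    ("Content-Type", "text/html; charset=utf-8"),
    ("Location", "https://customer.saasprovider.com/login"),
    ("Set-Cookie", "sid=abc; Domain=customer.saasprovider.com; Secure"),
    ("Content-Length", "0"),
]
SAMPLE_BODY = (b'<img src="https://customer.saasprovider.com/a.png">'
               b'<a href="https://customer.saasprovider.com.other.example/">x</a>')
```

URLs assembled at runtime by client-side script never appear as literal text in the response, so a rewrite like this does not catch them.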