|
|
|
|
|
|
by adamfisk
1314 days ago
|
|
|
Oh it's also worth noting that Cloudflare is actually more aggressive in blocking domain fronting than almost anyone else. Lots of folks match the SNI to the Host header, but Cloudflare takes it a step further and also makes sure that TLS connections without SNI have a Host header that's scoped to the IP/server they're actually visiting. That means you can't, for example (not that we would ever, ever do this hehehe), scan the whole Cloudflare IP space for IPs to front through without SNI. |
|
|