| setsslparameter_snihttphostmatch |
Use this method to set controls how the HTTP 'Host' header value is validated. These checks are performed only if the session is SNI enabled (i.e when vserver or profile bound to vserver has SNI enabled and 'Client Hello' arrived with SNI extension) and HTTP request contains 'Host' header. Available settings function as follows: CERT - Request is forwarded if the 'Host' value is covered by the certificate used to establish this SSL session. Note: 'CERT' matching mode cannot be applied in TLS 1.3 connections established by resuming from a previous TLS 1.3 session. On these connections, 'STRICT' matching mode will be used instead. STRICT - Request is forwarded only if value of 'Host' header in HTTP is identical to the 'Server name' value passed in 'Client Hello' of the SSL connection. NO - No validation is performed on the HTTP 'Host' header value. |
Syntax |
Parameters |
snihttphostmatch |
Controls how the HTTP 'Host' header value is validated. These checks are performed only if the session is SNI enabled (i.e when vserver or profile bound to vserver has SNI enabled and 'Client Hello' arrived with SNI extension) and HTTP request contains 'Host' header.
Available settings function as follows:
CERT - Request is forwarded if the 'Host' value is covered
by the certificate used to establish this SSL session.
Note: 'CERT' matching mode cannot be applied in
TLS 1.3 connections established by resuming from a
previous TLS 1.3 session. On these connections, 'STRICT'
matching mode will be used instead.
STRICT - Request is forwarded only if value of 'Host' header
in HTTP is identical to the 'Server name' value passed
in 'Client Hello' of the SSL connection.
NO - No validation is performed on the HTTP 'Host'
header value. Default value = NS_SSL_SNI_HOST_CERT. Possible Values : NO, CERT, STRICT. |
Return Value |
Returns simpleResult |
See Also |