On 08/03/2016 12:46 PM, Volker Braun wrote: > > * You can't block by url on https >
This is unfortunately becoming less and less true. With Server Name Indication (SNI), the web server waits to see the Host header in your request before deciding which certificate to present to you. That lets you host multiple HTTPS sites on a single IP address, but also means that the Host header (e.g. Host: github.com) must be sent in plain text. It's a bit academic for smaller sites -- if there's only one IP address associated with my website, you can just block the IP instead. But for a larger organization that can spin up new IPs on demand, it's a regression. There are apparently people working on fixing that in the TLS protocol, but for now, big parts of github (and everywhere else) use unencrypted SNI. -- You received this message because you are subscribed to the Google Groups "sage-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to sage-devel+unsubscr...@googlegroups.com. To post to this group, send email to sage-devel@googlegroups.com. Visit this group at https://groups.google.com/group/sage-devel. For more options, visit https://groups.google.com/d/optout.
