Michael Orlitzky wrote:
> On 08/03/2016 12:46 PM, Volker Braun wrote:
>>
>> * You can't block by url on https
>>
> 
> This is unfortunately becoming less and less true. With Server Name
> Indication (SNI), the web server waits to see the Host header in your
> request before deciding which certificate to present to you. That lets
> you host multiple HTTPS sites on a single IP address, but also means
> that the Host header (e.g. Host: github.com) must be sent in plain text.
> 
> It's a bit academic for smaller sites -- if there's only one IP address
> associated with my website, you can just block the IP instead. But for a
> larger organization that can spin up new IPs on demand, it's a
> regression. There are apparently people working on fixing that in the
> TLS protocol, but for now, big parts of github (and everywhere else) use
> unencrypted SNI.

I guess Volker rather meant everything but the hostname; while you may
be able to block foo.github.com, you cannot block github.com/foo
selectively.


-leif

