Skip to content

relaxed domain fronting protection #809

New issue
New issue
Open
Open
relaxed domain fronting protection#809
Milestone
4.7 Priority 1
@ra-at-diladele-com

Description

@ra-at-diladele-com
ra-at-diladele-com
opened on Sep 29, 2025

We currently block something like:

param1": "domain_fronting",
"param2": "pod01-prot2.eus.backup.windowsazure.com:443 != pod01-prot2.eus.backup.windowsazure.com:"

Here the port is not present. We might better tweak the logic so that if port is not set and it is the HTTPS connection - set the 443 as default - this will allow such connections and do NOT trigger the domain fronting block.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions