[RndTbl] weird apache hit

Adam Thompson athompso at athompso.net
Fri Feb 21 13:21:24 CST 2020

On 2020-02-21 12:42, Trevor Cordes wrote:
> On 2020-02-21 athompso at athompso.net wrote:
>> Pretty sure this wouldn't have happened with nginx :-D.
> Hahaha.  Maybe!
>> Seriously, why not just make the TLS Virthost *:443 to both cover
>> this scenario _and_ enable SNI simultaneously?  Is there any harm in
>> people using the other IP address? -Adam
> Well, we were and will in the future use the 2nd/3rd IP addresses in
> apache again.  It's just at the moment we are not.  If I fix it that
> way now, then I enable the 2nd IP again in the future, I'll still have
> the same bug problem on the 3rd IP.
> As for SNI... what is everyone's opinion of that?  Is it "here" now in
> the sense that 99.999% of end-user browsers will support it?  Put
> another way, does FB and google require SNI support to hit their sites?
> On our production server we don't want to lock out any user just
> because they don't happen to support SNI.  (Yes, TLS limitations will
> probably bite people before SNI limitations...)

SNI went mainstream (i.e. >90% client support) several years ago, and 
yeah, I guess we're probably at the >>99% mark by now?  Literally XP SP3 
w/IE7 is the last thing I know of that doesn't support SNI.  Or Android 
2.1, and I don't think any of those devices are still alive.


More information about the Roundtable mailing list