Right now, sozu checks that the hostname coming from the TLS SNI and the one coming from HTTP's Host header are the same.
Domain fronting is a bug of some proxies where the hostname considered for backend connection is the one from HTTP, thus hiding the real destination from someone observing the communication. It has been used to hide malware traffic, but also as an anti-censorship technique.
Would this be interesting for sozu? (as an option deactivated by default, of course)
Right now, sozu checks that the hostname coming from the TLS SNI and the one coming from HTTP's Host header are the same.
Domain fronting is a bug of some proxies where the hostname considered for backend connection is the one from HTTP, thus hiding the real destination from someone observing the communication. It has been used to hide malware traffic, but also as an anti-censorship technique.
Would this be interesting for sozu? (as an option deactivated by default, of course)