Chris Narkiewicz
2021-04-12 00:11:53 UTC
I have a machine with OpenBSD 6.8 and with 2 network interfaces:

    egress
    intranet

httpd has 3 vhosts defined:

    server "default" {
        listen on * tls port 443
        ...
        location * {
            block return 403
        }
    }
    server "externalapp.publicdomain.net" {
        listen on egress tls port 443
        ...
    }
    server "internalapp.privatedomain.net" {
        listen on intranet tls port 443
        ...
    }

So far so good, but when I try to access
"internalapp.privatedomain.net" from the internet, it serves the page
happily. I double checked that I had no access to the intranet at that
moment.

But when I change "default" server to:

    server "default" {
        listen on egress tls port 443
        listen on intranet port 443
        ...
    }

and try again, I get proper 403.

Is that a bug or some sort of non-intuitive behavior of listen on *
stanza?

Cheers,
Chris