SNI Error Apache2 Logs
Question
today I am looking at the logs I found this anomaly in apache2.
[ssl:error] [pid 29646] AH02032: Hostname page_not_found provided via SNI and hostname www.site.ltd provided via HTTP are different
Since I'm not very knowledgeable on the subject, I read around some guidance but I did not understand a lot about how to fix it ... In my configuration I have one virtualhost which is the default. Any other file on apache or php are default
I read the problem occurs when you have many virtual hosts with different certificates on a single place, but this is not my case ...
How can i fix the problem? Below can you find the configuration!
PHP 5.6.17-3+deb.sury.org~trusty+1 (cli)
Server version: Apache/2.4.7 (Ubuntu)
/etc/host is default file
default-ssl.conf
<VirtualHost *:80>
ServerName www.site.ltd
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
default-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost *:443>
SSLEngine On
ServerAdmin webmaster@localhost
SSLStrictSNIVHostCheck off
ServerName www.site.ltd
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/site.crt
SSLCertificateKeyFile /etc/apache2/ssl/site.key
SSLCACertificateFile /etc/apache2/ssl/intermediate_site_ca.crt
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
BrowserMatch "MSIE [2-6]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
# MSIE 7 and newer should be able to use keepalive
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
</VirtualHost>
</IfModule>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
1 answers
solution1
0 2016-01-28 01:35:43
Looks to be due to a dodgy request from a client (likely a bot) rather than something wrong with your config: https://serverfault.com/questions/561945/conflict-between-sni-and-http-provided-domains
I presume you don't get it for every request? If so check the request around that time and then just ignore it (or block that IP if you really want).
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.