[Mod-security-developers] SNI Support With Modsecurity

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Hello,

We have modsecurity installed on centos6, which is compiled with
apache2.2.15.  We are using apache reverse proxy.

We are having trouble getting modsecurity interact with SNI based sites.

>From below change log for Apache2.4, can I assume that reverse proxy is not
supported with SNI till Apache 2.4? and so this is less of modsecurity
problem and more of an apache problem?

See: https://www.apachelounge.com/Changelog-2.4.html

Important Part:

*) ab: Set the Server Name Indication (SNI) extension on outgoing TLS

     connections (unless -I is specified), according to the Host header (if

     any) or the requested URL's hostname otherwise.  [Yann Ylavic]

If someone could confirm/double check this assessment that would be great,
and only solution would be recompile modsecurity with apache 2.4?

Looks like there is no modescurity module with apache 2.4 for EL6.

https://access.redhat.com/discussions/2451361

Thanks in advance.

Regards,

SK