Hello! I need to get metadata about the TLS handshake, specifically the SNI, to prevent host header spoofing. I serve multiple clients from multiple custom hostnames, so being able to know within the request handler what the SNI being used is needed to be able to prevent host header spoofing attacks, which are quite serious here. Is this possible at the moment? Is there workaround if not?
Hello! I need to get metadata about the TLS handshake, specifically the SNI, to prevent host header spoofing. I serve multiple clients from multiple custom hostnames, so being able to know within the request handler what the SNI being used is needed to be able to prevent host header spoofing attacks, which are quite serious here. Is this possible at the moment? Is there workaround if not?