"
We're using OPNsense(s) running version 25.1 with haproxy in front of several VMs with a lot of webservers having a lot of different domain-/hostnames.
After the last apache CVE patch about 3 weeks ago (at least on ubuntu systems) we have the problem with the "Error 421 Misdirected Request" message.
The are a lot of posts describing how to solve this on plesk or similar systems or native nginx proxies. But what about haproxy?
The problem is the missing "SSL_TLS_SNI" header in the requests, haproxy is forwarding to the matching target webserver.
Does anyone have the same problem and maybe sovled this problem already?
We tried to set up an additional an complrte new firewall with OPNsense version 25.7, but this does not solve this problem so far.
I can't find any haproxy settings in either OPNsense versions to fix the problem.
Thanks in advance,
DT
After the last apache CVE patch about 3 weeks ago (at least on ubuntu systems) we have the problem with the "Error 421 Misdirected Request" message.
The are a lot of posts describing how to solve this on plesk or similar systems or native nginx proxies. But what about haproxy?
The problem is the missing "SSL_TLS_SNI" header in the requests, haproxy is forwarding to the matching target webserver.
Does anyone have the same problem and maybe sovled this problem already?
We tried to set up an additional an complrte new firewall with OPNsense version 25.7, but this does not solve this problem so far.
I can't find any haproxy settings in either OPNsense versions to fix the problem.
Thanks in advance,
DT
