This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision | ||
restrictions [2018/02/18 04:44] ispyisail [Access Restrictions] |
restrictions [2019/02/24 20:15] lantis [Access Restrictions] |
||
---|---|---|---|
Line 1: | Line 1: | ||
====== Access Restrictions ====== | ====== Access Restrictions ====== | ||
- | Access Restriction up until 1.10.1 only blocked http Traffic. Version 1.10.1 and above now blocks http and https (encrypted) traffic. | + | Access Restriction up until 1.10.0 only blocked http Traffic. Version 1.11.0 and above now blocks http and https (encrypted) traffic. |
This is achieved by leveraging the Server Name Indication (SNI) extension of the TLS1.2 standard in HTTPS authentication. The host name (e.g. example.com) is served in the clear in the packet so that the server knows which certificate to send back to the client. The path (e.g. /foo.html) is only sent once the transmission is fully encrypted. That is to say, we can only match the domain of HTTPS traffic. | This is achieved by leveraging the Server Name Indication (SNI) extension of the TLS1.2 standard in HTTPS authentication. The host name (e.g. example.com) is served in the clear in the packet so that the server knows which certificate to send back to the client. The path (e.g. /foo.html) is only sent once the transmission is fully encrypted. That is to say, we can only match the domain of HTTPS traffic. |