Armin Abfalterer
Armin Abfalterer
> One of the stack traces you show is a from a child exiting. Just to confirm that we are investigating the right thing: can you confirm crashes without the...
> Can you compile the mod_md from 2.4.53 in the 2.4.54 into your test server to check that the problems disappear? That would lay the blame solely at my door......
Oh, I made a mistake building httpd 2.4.54 with mod_md from 2.4.53... I did it again and I have to revise my statement: indeed, with mod_md 2.4.53 the problem did...
> Thanks, this looks like a good change. > > Needs DCO fixed: https://github.com/envoyproxy/envoy/blob/main/CONTRIBUTING.md#fixing-dco DCO is fixed
> Can you fix it so it's just the one file change again, against main? it's now one commit against main, is that ok?
> not sure it detracts from the issue presented as its the same host, but the oauth filter doesnt communicate with the `authorizationEndpoint` it merely redirects the user there -...
I carried out additional tests with the oauth2 filter and was able to prove that setting _sni_ on the [UpstreamTlsContext](https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/transport_sockets/tls/v3/tls.proto#extensions-transport-sockets-tls-v3-upstreamtlscontext) forces certificates to be verified against _trusted_ca_.
> great @arminabf can we close this ticket ? the documentation doesn't say that the certificate checks only take place when SNI is set, so I think I'm not the...
Hi @airween > First of all, could you explain why does it need to install CRS 3.3.5 and **upgrade** that to 4.2.0? Does it need it just to see the...
Hi, this is the audit_log entry with v3.3.5 ``` --5842a83c-A-- [30/Apr/2024:06:26:05.770169 +0200] ZjBy3Sh_XeFfdh6zCHQFQQAAAAE ANON --5842a83c-H-- Message: Warning. Unconditional match in SecAction. [file "/opt/usp/hsp/global/crs/rules/RESPONSE-959-BLOCKING-EVALUATION.conf"] [line "76"] [id "959099"] [msg "Outbound Anomaly...