Imperva Cyber Community

communities_1.jpg
 View Only

  • 1.  Pinning origin certificate with different SAN

    Posted 12-22-2020 07:55
    Edited by Shannon Creghan 12-22-2020 07:56

    Hi,

    is possible to pin origin certificate and to tell Distil to reach origin querieng a different host header than the one coming from the client?

    So if the client is trying to reach www.asdasd.com- Distil will reach origin presenting connection as www.blablabla.com as an example...

    Best regards,

    Riccardo

     


    #ContentDeliveryNetwork

    ------------------------------
    Riccardo Roasio
    CriticalCase
    ------------------------------



  • 2.  RE: Pinning origin certificate with different SAN

    Posted 12-28-2020 07:32

    Yes I have done so before



    ------------------------------
    Ashlee Holten
    Ashlee Holten
    ------------------------------

    Original Message


  • 3.  RE: Pinning origin certificate with different SAN

    Posted 12-28-2020 09:12

    I'm not sure about your Distil configuration, but if you are are using the Imperva connector (your sites are directing traffic through the Imperva Cloud WAF), then you can do the redirection there.

    Check out https://docs.imperva.com/bundle/cloud-application-security/page/more/cname-reuse.htm for an example.

    If you want to use a different domain on the backend than the one you create on the front end, you may need to use a Cloud WAF rule.  See https://docs.imperva.com/bundle/cloud-application-security/page/rules/create-rule.htm and search for "domain".  You may need to add the Advanced Delivery Rules/ Load Balancing feature to your Cloud WAF subscription to add the header rewrite action.  

    Jim