Add SNI Check documentation for English and Portuguese versions#2270
Open
GabrielAzion wants to merge 1 commit into
Open
Add SNI Check documentation for English and Portuguese versions#2270GabrielAzion wants to merge 1 commit into
GabrielAzion wants to merge 1 commit into
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Related issue: EDU-6651
The SNI Check reference documentation has been created.
What was done
New file created — all confidential client data from the draft (
Analise SNI Check.md) was excluded. The public documentation covers:What is SNI — concise explanation of the TLS extension and its relationship to workloads and Certificate Manager.
Request routing decision algorithm — the full decision tree rendered as a fenced code block, followed by a reference table explaining each step in plain technical language. The final
X509_check_hostenforcement step is called out explicitly, including the note that case-insensitive comparison prevents false positives.How to identify if your application is affected — instructs users to monitor for
421 Misdirected Requestresponses, describes the common connection-reuse scenarios that trigger it, and points to Real-Time Events for investigation.How to fix SNI mismatches — actionable guidance: review Certificate Manager entries, use wildcard or multi-SAN certificates, and correlate
421events with thehost/ssl_server_namefields.Why this enforcement matters — explains the SNI Spoofing threat model and why strict validation is the correct security posture.
Standards applied
origin-shield.mdx(title, description, meta_tags, namespace, permalink).Digital Certificates→Certificate Manager;Edge Firewall→Firewall;Azion Edge Platform→Azion Web Platform.