caddyhttp: Return HTTP 421 for mismatched Host header (#4023)

Potential fix for #4017 although the consensus is unclear. Made change to return status code 421 instead of 403 when StrictSNIHost matching is on.
author: rayjlinden <42587610+rayjlinden@users.noreply.github.com> 2022-01-12 13:24:22 -0800
committer: GitHub <noreply@github.com> 2022-01-12 14:24:22 -0700
commit: 850e1605df140a0b52d7bd4c3a1c3567a67699e1 (patch)
tree: 0f4c3197c4b1587b7fc4bbef429d7314ed26bbcd /modules/caddyhttp/server.go
parent: af1ac9cd2ecf95deabb194095cf5c5e66ee2fe86 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/modules/caddyhttp/server.go b/modules/caddyhttp/server.go
index 98fd962..e302c36 100644
--- a/modules/caddyhttp/server.go
+++ b/modules/caddyhttp/server.go
@@ -302,7 +302,7 @@ func (s *Server) enforcementHandler(w http.ResponseWriter, r *http.Request, next
 			err := fmt.Errorf("strict host matching: TLS ServerName (%s) and HTTP Host (%s) values differ",
 				r.TLS.ServerName, hostname)
 			r.Close = true
-			return Error(http.StatusForbidden, err)
+			return Error(http.StatusMisdirectedRequest, err)
 		}
 	}
 	return next.ServeHTTP(w, r)
author	rayjlinden <42587610+rayjlinden@users.noreply.github.com>	2022-01-12 13:24:22 -0800
committer	GitHub <noreply@github.com>	2022-01-12 14:24:22 -0700
commit	850e1605df140a0b52d7bd4c3a1c3567a67699e1 (patch)
tree	0f4c3197c4b1587b7fc4bbef429d7314ed26bbcd /modules/caddyhttp/server.go
parent	af1ac9cd2ecf95deabb194095cf5c5e66ee2fe86 (diff)