iOS and Safari – Misdirected Request Issue on Apple Devices

apache-2.2apache-2.4iossafariweb-server

The whole error

Misdirected Request

The client needs a new connection for this request as the requested
host name does not match the Server Name Indication (SNI) in use for
this connection.

Apache Server at stories.therelevancehouse.com Port 443

I have a blog page linked with my company website https://www.therelevancehouse.com/. When I try to go from this page to https://stories.therelevancehouse.com/ using the header navigation "STORIES" button, it shows the above-mentioned error. But if I refresh the page then it works. Also when I directly open https://stories.therelevancehouse.com/ and try to go back to the main page by clicking on the logo on the top left corner, it shows the same error.

Best Answer

This link seems to indicate that you can request your SSL provider to set-up SNI for your multi-domain certificate to fix the error: https://webidextrous.com/how-to-solve-421-misdirected-request-errors/

Related Solutions

Apache2 SSL – Redirect to SSL Only if Browser Supports SNI

Since SNI occurs during the SSL/TLS handshake, it's not possible to detect browser support when the client connects to HTTP.

So, you're right; a user-agent filter is the only way to do this.

The big question is whether you want to act on a blacklist against browsers that you know won't listen for SNI, or a whitelist of browsers that are known to support it. Obscure or new devices being unable to use the site seems like a deal-breaker, so I'd say the whitelist might be the better option.

In your HTTP <VirtualHost>:

# Internet Explorer 7, 8, 9, on Vista or newer
RewriteCond %{HTTP_USER_AGENT} MSIE\s7.*Windows\sNT\s6 [OR]
RewriteCond %{HTTP_USER_AGENT} MSIE\s8.*Windows\sNT\s6 [OR]
RewriteCond %{HTTP_USER_AGENT} MSIE\s9.*Windows\sNT\s6 [OR]
# Chrome on Windows, Mac, Linux
RewriteCond %{HTTP_USER_AGENT} Windows\sNT\s6.*Chrome [OR]
RewriteCond %{HTTP_USER_AGENT} Macintosh.*Chrome [OR]
RewriteCond %{HTTP_USER_AGENT} Linux.*Chrome [OR]
# Firefox - we'll just make the assumption that all versions in the wild support:
RewriteCond %{HTTP_USER_AGENT} Gecko.*Firefox
RewriteRule ^/(.*)$ https://ssl.hostname/$1 [R=301]

Here's the blacklist option, too - keep in mind that this runs the risk of sending a client that doesn't use SNI to an SNI-needed site, but on the other hand, will send users of something new like IE 10 to the right place:

# IE 6
RewriteCond %{HTTP_USER_AGENT} !MSIE\s6
# Windows XP/2003
RewriteCond %{HTTP_USER_AGENT} !Windows\sNT\s5
# etc etc
RewriteRule ^/(.*)$ https://ssl.hostname/$1 [R=301]

There are a lot of browsers out there. I've been pretty loose with the expressions and haven't covered a lot of browsers - this could turn into quite the nightmare to maintain.

Whichever option you choose.. good luck!

Apache ReverseProxy 502 to local jenkins process

"502" means that there is a problem with the backend server, not with Apache. You can also see this in the log:

[Wed Mar 13 09:23:16 2013] [error] [client 192.168.186.207] (104)Connection reset by peer:       proxy: error reading status line from remote server jenkins.example.com, referer: https://jenkins.example.com/?auto_refresh=true

It's your Jenkins Server that is hanging up on the apache server. Try if the problem also appears if you do this directly on your Jenkins instance (port 8080).

Best Answer

Related Solutions

Apache2 SSL – Redirect to SSL Only if Browser Supports SNI

Apache ReverseProxy 502 to local jenkins process

Related Topic