Apache2 error: Hostname provided via SNI and HTTP do not match

Question

In my Apache error.log, I am getting an error like the following:

Hostname www.example.com provided via SNI and hostname hk.dv.nextmedia.com provided via HTTP are different

I have no idea what hk.dv.nextmedia.com is. It is not related to my website or server and I have never entered that domain anywhere in my Apache or server configuration.

Can anyone shed some light on this error? Should I be worried about anything malicious that may have happened on my server?

Answer 1

Similar thing happened to me on one server, and this was the reason. So, check your ssl_access_log and you may find something like

141.212.122.224 - - [16/Nov/2016:03:42:45 +0100] "GET /UlisseREST/api/actions/RequestActionsToExecute HTTP/1.1" 400 226

while in ssl_error_log you have something like this:

[Wed Nov 16 03:42:45.737309 2016] [ssl:error] [pid 3666] AH02032: Hostname **** provided via SNI.....

I know I'm late to the party on this question, but someone might find it interesting. It's not always a TLS Virtual Host Confusion attack, but it might be, so don't ignore it...

Answer 2

This is a client-side error or someone probing for vulnerabilities.

"a client indicates which hostname it is attempting to connect to at the start of the handshaking process" https://en.wikipedia.org/wiki/Server_Name_Indication

Answer 3

I hope I'm not speaking too soon. I believe I have cleared this up, however. I have not received this message in five days now, and five days ago I edited my /etc/hosts file, adding a line with my server IP and domain name.

i.e.

###.###.###.### mydomain.com

Previously I had only the lines:

127.0.1.1 hostname hostname
127.0.0.1 localhost

Again, hoping I'm not jumping the gun, but I believe this may have resolved the issue in my case.