ocserv is not immune from Active probing
It seems that during the last month, the Islamic Republic in Iran has started identifying and blocking OpenConnect servers through Active probing.
If xml
could be shown to the requester only when the URL contains a specific path or argument, we could be somewhat safe from this attack.
like: https://example.com/?Competency_Code=qwerty76543nbvcx56789
if (url.args[Competency_Code] != nil && url.args[Competency_Code] == SERVER_KEY) {
send_xml();
else {
send_apacheForbiddenError();
}