I hope that title is clear.
How do I prevent HTTPS requests for non-ssl-enabled virtual hosts from going to the first ssl-enabled virtualhost (setup is Apache-SNI).
For example, using my abbreviated config below, requests for
https://example.com (a non-ssl vhost) are being served by Apache at the ssl-enabled vhost
https://example.org. I’d like to disable that behavior and possibly reply with the appropriate HTTP response code (unsure of what that is).
It may not even be possible, but I thought I’d ask.
# I actually have a SNI setup, but it's not demonstrated here. # I don't think it's relevant in this situation. NameVirtualHost *:80 NameVirtualHost *:443 <VirtualHost *:80> ServerName example.org </VirtualHost> <VirtualHost *:443> ServerName example.org </VirtualHost> <VirtualHost *:80> ServerName example.com </VirtualHost>
EDIT: Maybe a mod_rewrite rule in the first ssl-vhost?
As the Apache docs say, when no
ServerName matches the hostname give in the web request, the first
VirtualHost matching the given IP/port combination will be used.
Thus, you merely need to give a default virtual host that serves no content, or content of your choosing, and it must be the first one parsed by Apache when it loads its configuration.
If you don’t want specific hosts to be accessible via https at all, place them on a separate IP address, on which you have configured Apache not to
Listen on port 443.
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.