Strict SNI matching for Apache

MirroredFate asked:

I have multiple SSL vhosts and non-SSL vhosts served from a single server. If one of the non-ssl vhosts is accessed using “https”, the first SSL directive is used. Is there some setting to make it so that only vhosts with explicitly matching server names will can be used?

So, let’s say I have,, and

Let’s say I also have and

If I go to, it is the same as using the site This is undesired behavior. Is there something I could set so that no site would be used?

My answer:

Use one IP address for virtual hosts which won’t use SSL, and a separate IP address for virtual hosts which do use SSL. Ensure that your Listen and VirtualHost directives for SSL specify that IP address explicitly, rather than, e.g. *:443.

View the full question and any other answers on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.