I've just followed this tutorial on setting up name-based virtulization in Apache, and it worked really well.
The tutorial basically got you to add a config file to sites-available called yourdomain.com, and then link it to sites-enabled.
By default, apache includes two site config files in sites-available, default and defualt-ssl.
Should you edit these files or remove the link form the sites-enabled directory?
After playing around with this (locally), I realised that by default the default site points to your root /var/www directory, and so if someone goes to the IP of your server directly, could they not then see all the vhosts and other directories in /var/www, unless the default vhost config is changed to point to a different directory, or remvoed from sites-enabled?
I'm just wondering what is commonly done with the default site if the server is being used for name-based virtualization?
Sorry if I got some of this incorrect as I'm quite new to running my own web server.
Just disable them if you're not using them
This simply removes the link to sites-enabled, so they're not included in the config anymore
You can disable the default files which is equivalent to removing the link from sites-enabled directory.
If you don't want to disable default site but want to hide the directories then you can put up a home page (index.html) in
/var/www/or hide the directory indexes.