I hope that title is clear.
How do I prevent HTTPS requests for non-ssl-enabled virtual hosts from going to the first ssl-enabled virtualhost (setup is Apache-SNI)?
For example, using my abbreviated config below, requests for https://example.com (a non-ssl vhost) are being served by Apache at the ssl-enabled vhost https://example.org. I'd like to disable that behavior and possibly reply with the appropriate HTTP response code (unsure of what that is).
It may not even be possible, but I thought I'd ask.
# I actually have a SNI setup, but it's not demonstrated here.
# I don't think it's relevant in this situation.
NameVirtualHost *:80
NameVirtualHost *:443
<VirtualHost *:80>
    ServerName example.org
</VirtualHost>
<VirtualHost *:443>
    ServerName example.org
</VirtualHost>
<VirtualHost *:80>
    ServerName example.com
</VirtualHost>
EDIT: Maybe a mod_rewrite rule in the first ssl-vhost?
As the Apache docs say, when no ServerName matches the hostname given in the web request, the first VirtualHost matching the given IP/port combination will be used. Thus, you merely need to give a default virtual host that serves no content, or content of your choosing, and it must be the first one parsed by Apache when it loads its configuration.
If you don't want specific hosts to be accessible via https at all, place them on a separate IP address, on which you have configured Apache not to Listen on port 443.
I know, it's been a while... But what about the SSLStrictSNIVHostCheck option? As far as I understand, this resolves your issue.
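A sketch of the catch-all default vhost from the first answer, with the SSLStrictSNIVHostCheck directive from the second placed in it. This is an added example, not configuration from the original posts. The name default.invalid and the certificate paths are placeholders, and mod_ssl and mod_rewrite are assumed to be loaded.

```apache
# Added example. default.invalid and all certificate paths are placeholders.
Listen 443
# NameVirtualHost is needed on Apache 2.2 (as in the question); 2.4 no longer needs it.
NameVirtualHost *:443

# 1) Catch-all: must be the FIRST *:443 vhost Apache parses, so any
#    hostname without its own ssl vhost (e.g. example.com) lands here
#    instead of on example.org.
<VirtualHost *:443>
    ServerName default.invalid
    SSLEngine on
    SSLCertificateFile    /path/to/placeholder-default.crt
    SSLCertificateKeyFile /path/to/placeholder-default.key

    # In the default vhost this refuses clients that send no SNI at all,
    # for every name-based vhost on this IP/port. It does not by itself
    # handle a client that sends SNI for a name with no ssl vhost; the
    # vhost ordering does that.
    SSLStrictSNIVHostCheck on

    # Serve no content: answer every request with 403 Forbidden.
    RewriteEngine On
    RewriteRule ^ - [F]
</VirtualHost>

# 2) The real ssl-enabled site, now second in parse order.
<VirtualHost *:443>
    ServerName example.org
    SSLEngine on
    SSLCertificateFile    /path/to/placeholder-example.org.crt
    SSLCertificateKeyFile /path/to/placeholder-example.org.key
</VirtualHost>

# 3) The non-ssl site keeps only its port 80 vhost.
<VirtualHost *:80>
    ServerName example.com
</VirtualHost>
```

The TLS handshake completes with the catch-all vhost's certificate before any HTTP status is sent, so a browser requesting https://example.com shows a certificate name mismatch first and only sees the 403 if the user proceeds. `apachectl -S` prints the parsed vhost order, which confirms that the catch-all is the default server for *:443.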