Apache HTTP Server
Konstantin, 2021-02-04 20:34:06

A site using https:// opens the default certificate/site. How to remove it?

Hello.
There is a VPS with Apache installed on it.
Apache is configured with a default host on ports 80 and 443;
an example for port 443:

<VirtualHost _default_:443>
  ServerName default
  ServerAdmin [email protected]
  DocumentRoot /var/www/html

  ErrorLog ${APACHE_LOG_DIR}/error.log
  CustomLog ${APACHE_LOG_DIR}/access.log vhost_combined

  SSLEngine on
  SSLProtocol all -SSLv2
  SSLCertificateFile    /etc/apache2/ssl/server.pem
  SSLCertificateKeyFile /etc/apache2/ssl/server.key
</VirtualHost>


There is also a site example1.com, which has a virtual host on ports 80 and 443.
There is also a site example2.com, which has a virtual host only on port 80.
If you go to the site https://example2.com (that is, port 443), then the default configuration will open: the <VirtualHost _default_:443>.

The question arose: how to make sure that there is nothing on https://example2.com?
Thank you.


1 answer(s)
Viktor Taran, 2021-02-04
@webmaster

gee, I’m spreading the
answer in no way
Here, everything is simple.
Since the entire Internet is one big crutch on a crutch with a crutch, at one time we had no idea of having anything other than numbers in TCP/IP. When the question arose, the RFC was already written, so we got the DNS service as a crutch that gives alphabetic names to IPs.

Now, when the question arose about the end of IPv4, and even a little before that, the question arose in Apache of how to hang two sites on one port and IP, which naturally does not comply with the RFC, or the port, or the IP itself. There was an excellent solution: Apache parses YOUR HTTP referer (from the client browser), chooses the domain from it, and on the basis of this substitutes the config you need in accordance with ServerName.

But then another crutch appeared, SSL, which occupies its own port. Now a drum roll.....
You opened port 443 and hung 1 site on it.
BUT the IP is open, the port is open, and this is Apache.
For what reason, when accessing the 2nd domain, should it send it to the forest?
What do you think comes first in SSL: data transmission over the channel, or the key for it?
Correct, the key.
Therefore, the web server physically cannot know whether to send you to the forest or not, because it cannot take your referer without a key, and there is no key until there is a referer.
Therefore, as soon as you have 1 site with SSL on your server, all other sites also receive SSL.
But you say: I didn't give them the key. Yes, but it cannot receive a single byte of information through this channel, including what the site is.
And here the web server makes a very logical decision.
It takes the closest key, the nearest by letter, for example 000-default.conf, takes these keys and inserts them into all sites for which it could not find the keys immediately.
That's the logic, bro.

What to do?
To disable SSL on 1 of the sites is physically impossible.
You can do the following:
1. The first certificate by name sorting should be the default one,
and in the default config, code 400 should be given to all requests.
Don't forget to check the box that it's solved.
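
The answer's suggestion (a default vhost that sorts first and answers every request with 400), written out as an added example that is not part of the original thread. The file name 000-default-ssl.conf is an assumption; the certificate and log settings are the ones from the question.

```apache
# Added example, not from the original thread.
# Assumed file name: /etc/apache2/sites-available/000-default-ssl.conf
# The 000- prefix makes this file load before the other :443 vhosts, so this
# is the vhost Apache falls back to when no ServerName/ServerAlias matches
# the requested host (here: https://example2.com, which has no :443 vhost).

<VirtualHost _default_:443>
    ServerName default

    ErrorLog  ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log vhost_combined

    # The TLS handshake still needs a certificate, so SSL stays on here.
    # A browser opening https://example2.com gets this certificate and will
    # show a name-mismatch warning before it ever receives the 400 below.
    SSLEngine on
    SSLCertificateFile    /etc/apache2/ssl/server.pem
    SSLCertificateKeyFile /etc/apache2/ssl/server.key

    # No DocumentRoot content is served: every path is answered with 400.
    # Requires mod_alias. For a non-3xx status the target URL is omitted.
    Redirect 400 /
</VirtualHost>
```

`apache2ctl -S` prints the vhosts bound to port 443 and marks which one is the default server; after a reload, a request for https://example2.com should come back as 400 while https://example1.com is still served by its own vhost.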
