Disallow opening websites over HTTPS without a certificate?

P

psiklop2019-03-13 17:52:03

Apache HTTP Server

psiklop, 2019-03-13 17:52:03

There are several domains on the server with apache, some of them with an SSL certificate, mostly without it.
The problem is that if you open sites without a certificate via HTTPS, the browser either offers to open it with an error, or opens the first site that comes across from the server, this is unacceptable, it's best to just forbid opening, but rummaged through the whole Google, no tips help, no stubs, no editing ports.conf, help!

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

V

Viktor Taran, 2019-03-13
@psiklop

Reason:
Since according to the RFC tcp-ip there can be only two options
a) IP
b) port
but Apache cannot change the port, and IPs are already running out, so it has long been able to keep several sites on the same IP and port using its crutch, in the form of parsing http refery and on its basis already substituting the correct config.
BUT
port 443 initially creates a connection, as a result, at first the keys then the data, so Apache physically cannot open this port for one site and not open it for the rest
. Therefore, if you have 1 site with https, it appeared for everyone;)
Now what to do, for this you need to understand the Apache action algorithm if it does not find the keys, but it is quite simple (do not ask where such logic comes from), it substitutes the first ones in the list, for example, if it is 000.conf, then it will be the first and the keys from it will be by default ;)
1. option you put the certificate on gygy the very first file in the list ;) i.e. 000-apache.conf or something like that ;) so just put the left certificate into it and take the page to 40X response code here and all.
Well, or give certificates to all sites.