Strict SNI matching for Apache

MirroredFate asked:

I have multiple SSL vhosts and non-SSL vhosts served from a single server. If one of the non-SSL vhosts is accessed using “https”, the first SSL directive is used. Is there some setting to make it so that only vhosts with explicitly matching server names can be used?

So, let’s say I have www.a.com, www.b.com, and www.c.com.

Let’s say I also have https://www.a.com and https://www.b.com.

If I go to https://www.c.com, it is the same as using the site https://www.a.com. This is undesired behavior. Is there something I could set so that no site would be used?

My answer:


Use one IP address for virtual hosts which won’t use SSL, and a separate IP address for virtual hosts which do use SSL. Ensure that your Listen and VirtualHost directives for SSL specify that IP address explicitly, rather than, e.g. *:443.


View the full question and answer on Server Fault.
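The layout the answer describes, written out as an added example that is not part of the original answer. The addresses 192.0.2.10 and 192.0.2.20, the document roots and the certificate paths are placeholders, and it assumes DNS for www.c.com points only at the non-SSL address while www.a.com and www.b.com point at the SSL address.

```apache
# Before (the behaviour in the question): a wildcard bind on 443 means any
# https:// request that matches no ServerName falls through to the first
# SSL vhost, so https://www.c.com is served as www.a.com.
#   Listen 443
#   <VirtualHost *:443> ... </VirtualHost>

# After: bind each port to an explicit address. Nothing listens on
# 192.0.2.10:443, so https://www.c.com gets a refused connection.
Listen 192.0.2.10:80
Listen 192.0.2.20:80
Listen 192.0.2.20:443

# Non-SSL-only site, on the address that has no port 443 listener.
<VirtualHost 192.0.2.10:80>
    ServerName www.c.com
    DocumentRoot "/var/www/c"
</VirtualHost>

# Plain-HTTP side of the SSL sites (assumption: they should still answer http://).
<VirtualHost 192.0.2.20:80>
    ServerName www.a.com
    DocumentRoot "/var/www/a"
</VirtualHost>
<VirtualHost 192.0.2.20:80>
    ServerName www.b.com
    DocumentRoot "/var/www/b"
</VirtualHost>

# SSL vhosts, bound to the SSL address explicitly rather than *:443.
<VirtualHost 192.0.2.20:443>
    ServerName www.a.com
    DocumentRoot "/var/www/a"
    SSLEngine on
    SSLCertificateFile    "/etc/ssl/certs/www.a.com.crt"      # placeholder path
    SSLCertificateKeyFile "/etc/ssl/private/www.a.com.key"    # placeholder path
</VirtualHost>
<VirtualHost 192.0.2.20:443>
    ServerName www.b.com
    DocumentRoot "/var/www/b"
    SSLEngine on
    SSLCertificateFile    "/etc/ssl/certs/www.b.com.crt"      # placeholder path
    SSLCertificateKeyFile "/etc/ssl/private/www.b.com.key"    # placeholder path
</VirtualHost>
```

After reloading, `apachectl -S` prints the address:port to vhost mapping, which should show no entry for port 443 on the non-SSL address.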

This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.