Home/ Questions/Q 7997901
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-04T15:04:51+00:00

I have a strange issue where my virtual hosts are not being restricted when

  • 0

I have a strange issue where my virtual hosts are not being restricted when I set them up with SSL. Everything works as expected except for the fact that the virtual host is not limited to just the name. For example, if I browse to https://qa.example.com/, I am served the correct page. However, if I browse to https://foo.example.com/, I am served the same page! I’ve read the named-based configs at http://httpd.apache.org/docs/2.2/vhosts/name-based.html, so I’m at a loss.

Here is my /etc/apache2/sites-enabled/mysite-ssl file (I’m using Ubuntu 12.04):

<IfModule mod_ssl.c>
<VirtualHost *:443>
    <IfModule dir_module>
            DirectoryIndex login.html
    </IfModule>
    ServerAdmin admin@example.com
    ServerName qa.example.com
    DocumentRoot /var/www/example

    <Directory />
            Options Indexes FollowSymLinks MultiViews
            AllowOverride None
            Order allow,deny
            allow from all
    </Directory>

    JkMount /axonify/* worker1

    ErrorLog ${APACHE_LOG_DIR}/error.log
    LogLevel warn
    CustomLog ${APACHE_LOG_DIR}/ssl_access.log combined

    SSLEngine on
    SSLCertificateFile "/etc/ssl/certs/star.example.com.crt"
    SSLCertificateKeyFile "/etc/ssl/private/star.example.com.key"
    BrowserMatch "MSIE [2-6]" \
            nokeepalive ssl-unclean-shutdown \
            downgrade-1.0 force-response-1.0
    # MSIE 7 and newer should be able to use keepalive
    BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
</VirtualHost>
</IfModule>

My /etc/apache2/ports.conf file is where I define the NameVirtualHost entry:

NameVirtualHost *:80
Listen 80

<IfModule mod_ssl.c>
    NameVirtualHost *:443
    Listen 443
</IfModule>

<IfModule mod_gnutls.c>
    NameVirtualHost *:443
    Listen 443
</IfModule>

Now my /etc/apache2/sites-enabled/000-default file is also very simple:

<VirtualHost *:80>
    ServerAdmin admin@example.com
    RewriteEngine on
    ReWriteCond %{SERVER_PORT} !^443$
    RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R,L]
</VirtualHost>

I do not have a default-ssl site deployed, and I only have the single SSL-enabled site deployed.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    I’ve solved the issue. Seems that I needed the default-ssl file, which specifies the <VirtualHost _default_:443> entry that acts as the fallback for any unmatched virtual hosts.

    • 0