Dear colleagues, Problem: When someone opens a https://domain.tld which is not SSL enabled and doesn't have a letsencrypt, or https://wrong.domain.tld subdomain, the server shows another users first in line SSL enabled website. I understand that this is expected behavior, but what is the current solution with ispconfig.vhost or similar roundabout that will show some other purposely created website of the main server or just show plain 404? Thanks for the support, best regards
That's indeed the normal behavior of Apache and Nginx web server and not ISPConfig related. Both web servers will show the first website in alphabetical order that listens on the same IP address if no better matching vhost is found. Create a new website with a fake domain name that is always first in alphabet, e.g. '000default.tld', and create a self-signed SSL cert for it to ensure it catches all wrong requests.