FIXED: HTTPS site responds for other non-HTTPS sites

Discussion in 'Installation/Configuration' started by bambam82, Sep 16, 2016.

  1. bambam82

    bambam82 New Member

    OS: Debian 7.
    apache version: Apache/2.2.22
    Multiple websites for HTTP only.
    2 websites for HTTP/HTTPS using 1 external IP address with SNI.
    Names used:
    1.domain.tld - http only
    www.domain1.tld - http only
    www.domain2.tld - http/https
    www.domain3.tld - http/https
    domain4.tld - no website, but DNS is pointing to this server.

    ISPconfig configuration:
    Server IP addresess: - IP address enabled for HTTP Vhost, ports 80,443.
    Vhost website: - IPv4 address = *.

    1. Whenever i browse to the exact URLs, all is fine.
    2. When i browse to a non-existing website, but with a catch-all DNS entry, therefore pointing to my webserver it will be hit by the virtualhost with the 'lowest' name. Browing to www.domain4.tld results in 1.domain.tld responding.
    3. When I browse to https://www.domain1.tld/ (note: NO https site). The lowest virtualhost name with HTTPS will respond. Therefore presenting www.domain2.tld.

    This also has the negative result that incorrect URLs end up in Google searches as well.

    Is this expected behavior?

    Please let me know if additional information is required.
  2. bambam82

    bambam82 New Member

    I did found the following:

    does this answer the behavior question?

    Is there a way the server doesn't reply on non-matching virtualhosts?
  3. bambam82

    bambam82 New Member

    Just realized it is related to not having the virtualhosts default and default-ssl enabled.

Share This Page