Hi, I have a problem in the config of either my Web server or ISPConfig with SSL, because all https://*.any-domain.com requests get redirected to a (random?) SSL-enabled web site. If I - for testing purposes - disable the particular SSL-enabled web site, then the content of the next SSL-enabled web site is displayed. For example: the non-ssl site http://www.non-ssl-site.com works OK. The sub-domain "autodiscover" does not exist for this site. But when I type https://autodiscover.non-ssl-site.com I get the SSL cert and content of https://www.ssl-enabled-site.com. I do not want this. Any idea where I messed up with the config?
This is normal behavior and has been answered several times. Do search for it. You basically need to create a vhost of 000-something.
Well, if I ENABLE vhost 000-default.com in my ISPConfig, then the non-existent https://autodiscover.any-domain.com shows the https://000-default.com index.php page. Which is still NOT what I want. I want it to return a 404 error, as the sub-domain does not exist.
As ahrasis said, this has been answered many times. You don't like the way apache and nginx are working when they receive traffic for a non-existing host? Then contact the apache or nginx devs. You have 3 options: a) Create an SSL default vhost which catches these requests. b) Use one IP for SSL sites and another one for non-ssl sites. c) Enable SSL for all sites. Or even a third option: do not add a subdomain to DNS that shall not be reachable.
Thank you both for the explanation. Based on your input I figured out the following SOLUTION:
1.) For the 0000-default web site I edited the .htaccess file and denied permission for All:
HTML:
    <Directory />
        Order Deny,Allow
        Deny from all
        Options None
        AllowOverride None
    </Directory>
2.) In ISPConfig under Web Site for 0000-default.com I selected Auto Subdomain to "*" and then back to "www". I do not know what exactly it did, but it was on "www" before and returned a "403" Denied page, but after the toggle back and forth to "www" again, it now returns "500 Server Error". Which is exactly what I wanted, so now my Outlook/Android autodiscover works perfectly! (because it skips the Apache default https site and proceeds to the proper Autodiscover record)
Explanation: The Outlook Autodiscover discovery order gives precedence to HTTP lookups before the SRV DNS record. So if the https://autodiscover.domain.com URL exists, it will try to soak the SSL certificate from this site and look for Autodiscover.xml there. But in my scenario it does not exist and the mailbox creation wizard pops up an annoying SSL warning about a wrong certificate, which is an absolutely unneeded step. The wizard should skip this URL and look further, until it comes to the DNS SRV record, where there is a proper directive for Autodiscover.
3.) To prevent Apache from revealing details, I added this to /etc/apache2/conf.d/security:
HTML:
    ServerTokens Prod
    ServerSignature Off
Another simpler setup would be to put this in an apache2 conf-enabled file:
Code:
    <If "%{HTTP_HOST} =~ /^autodiscover\./">
        Redirect 500 /
    </If>
(Note: that is untested)
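The fallback behaviour discussed in this thread, as an added example that is not from any of the posters or from ISPConfig: a simplified Python model of how Apache picks a name-based vhost, showing why an unknown HTTPS host name lands on the first SSL site, how a catch-all vhost loaded first changes that, and why a catch-all on "*" is never reached when the sites are bound to a specific IP. The vhost table, the IP 192.0.2.10 and the name 000-default.invalid are constructed for illustration.

```python
from fnmatch import fnmatch

# Constructed vhost table in the order Apache would load the site files.
# Each entry: (listen address, port, ServerName, [ServerAlias, ...])
SITES = [
    ("*", 443, "www.ssl-enabled-site.com", ["ssl-enabled-site.com"]),
    ("*", 443, "www.other-ssl-site.com", []),
]
# Hypothetical catch-all vhost; its file name sorts first, so it loads first.
CATCH_ALL = ("*", 443, "000-default.invalid", [])


def select_vhost(vhosts, local_ip, port, host):
    """Return the ServerName of the vhost that would answer the request."""
    host = host.lower().rstrip(".")
    # 1. vhosts bound to the exact local IP:port beat wildcard-address vhosts.
    candidates = [v for v in vhosts if v[0] == local_ip and v[1] == port]
    if not candidates:
        candidates = [v for v in vhosts if v[0] == "*" and v[1] == port]
    if not candidates:
        return None  # no vhost for this address; the main server config answers
    # 2. Within that set, the first ServerName / ServerAlias match wins.
    for _, _, name, aliases in candidates:
        if host == name.lower() or any(fnmatch(host, a.lower()) for a in aliases):
            return name
    # 3. Nothing matched: the first vhost of the set acts as the default.
    return candidates[0][2]


def demo():
    ip, host = "192.0.2.10", "autodiscover.non-ssl-site.com"
    # No catch-all: the unknown name is served by the first SSL site.
    before = select_vhost(SITES, ip, 443, host)
    # Catch-all loaded first on the same address: it takes the request.
    after = select_vhost([CATCH_ALL] + SITES, ip, 443, host)
    # Pitfall: sites bound to the IP shadow a catch-all that listens on "*".
    bound = [(ip, 443, name, aliases) for _, _, name, aliases in SITES]
    shadowed = select_vhost([CATCH_ALL] + bound, ip, 443, host)
    return before, after, shadowed


if __name__ == "__main__":
    print(demo())
```

The same rule decides which certificate is presented, so the catch-all vhost needs the same address and port as the real SSL sites and its own certificate.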