How can I force a VirtualHost in Apache to not listen for undefined subdomains on 443?
7,794
This is because you have not setup the SSL for the sub domain foo.example.com
and so it uses the www.
domain. If you do not want SSL you can simply remove the Virtual Host all together running on port 443, otherwise just add to the configuration the following:
Allow foo.example.com
to operate on SSL
<VirtualHost *:443>
ServerName foo.example.com
DocumentRoot /var/www/foo.example.com/htdocs
SSLEngine on
SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
</VirtualHost>
Redirect HTTPS to HTTP
<VirtualHost *:443>
ServerName foo.example.com
RewriteEngine on
RewriteCond %{HTTP_HOST} ^foo.example.com
RewriteRule ^/(.*)$ http://foo.example.com/$1 [L,R=301]
DocumentRoot /var/www/foo.example.com/htdocs
SSLEngine on
SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
</VirtualHost>
Or if you want a 404 Error then use:
<VirtualHost *:443>
ServerName foo.example.com
RewriteEngine on
Redirect 404 /
ErrorDocument 404 "Page Not Found"
DocumentRoot /var/www/foo.example.com/htdocs
SSLEngine on
SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
</VirtualHost>
Related videos on Youtube
Author by
Charlie Schliesser
Updated on September 18, 2022Comments
-
Charlie Schliesser over 1 year
In
/etc/apache2/sites-available/example.com
:<VirtualHost *:443> ServerName www.example.com DocumentRoot /var/www/example.com/htdocs SSLEngine on SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key </VirtualHost>
I also have a virtual host configured for
foo.example.com
, but that only listens on port 80.I have the A record for foo.example.com pointing to this same server. If I visit
https://foo.example.com
in my browser, it loads the Virtual Host forwww.example.com
. How can I combat this? -
Charlie Schliesser about 11 yearsInteresting. I do not want
https://foo.example.com
to resolve to anything – users should get a 404. What Virtual Host should I remove in that case? -
Simon Hayter about 11 yearsAdded even more solutions.
-
Charlie Schliesser about 11 yearsUnfortunately, since I already have www.example.com listening on port 443, it takes precedence and I receive this error when reloading the Apache configuration:
VirtualHost overlap on port 443, the first has precedence