
Apache Web Server Forum

virtualhosts ssl non ssl

5+ Year Member

Msg#: 3423935 posted 4:29 pm on Aug 16, 2007 (gmt 0)

Hi, I am running Apache 2 on Windows with mod_ssl, and the server has one IP address, multiple non-SSL sites and one SSL site. Everything seemed fine: when they went to https://www.sslsite.com the cert came up fine.
When people went to [xyx.com...] etc., everything also went fine. But then someone happened to put in https://www.xyz.com and the data for site https://www.sslsite.com is displayed. Any help with this would be much appreciated. Below is an example of my vhost setup.

<IfModule ssl_module>
SSLMutex default
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
SSLSessionCache none
<IfDefine SSL>
<VirtualHost www.pchweb2.com>
    ServerName www.sslsite.com
    DocumentRoot "C:/apache2/htdocs/test"
    DirectoryIndex index.html
    SSLEngine on
    SSLCertificateKeyFile C:/Apache2/conf/ssl/my-server.key
    SSLCertificateFile C:/Apache2/conf/ssl/my-server.cert
</VirtualHost>
</IfDefine>
</IfModule>

<VirtualHost www.xyz.com:80>
    ServerName www.pchweb22.com
    DocumentRoot "C:/apache2/htdocs/test2"
    DirectoryIndex index.html
</VirtualHost>


5+ Year Member

Msg#: 3423935 posted 7:22 pm on Aug 16, 2007 (gmt 0)

I am a newbie at this whole Apache server stuff but your situation is one of the many things that I need to figure out before I can start hosting my own sites on my own server.

I have searched a bit for a solution to the problem but have yet to find the perfect answer. Two things are coming into play:

1) In a virtualhost scenario, if a request is received for a server name that is not defined it defaults to the first virtualhost.

2) The server name being requested is not available in the SSL packet.

In your setup, you have one virtualhost on port 80, and one SSL virtualhost on port 443? But the server name isn't available with SSL - so all port 443 traffic will be sent to the first (default) virtualhost.

I found one solution to the problem. Set up one virtualhost specifically on port 80, something like ipaddress:80, then set up a regular host specifically on port 443 - ipaddress:443. This will keep people from getting the wrong page, but the trade-off is that inputting the other domains with the https protocol will get a server not found error - not the ideal solution.

I came up with my own solution to this problem, but I haven't tested this fully so proceed with caution :)

# Literally use "example.com" for this first (default) virtualhost
<VirtualHost www.example.com>
    ServerName www.example.com
    DocumentRoot "C:/apache2/htdocs/default"
</VirtualHost>

<VirtualHost www.real_domain1.com:80>
    ServerName www.real_domain.com:80
    DocumentRoot "C:/apache2/htdocs/domain1"
</VirtualHost>

<VirtualHost www.real_domain1.com:443>
    ServerName www.real_domain.com:443
    DocumentRoot "C:/apache2/htdocs/domain1"
    SSLEngine on
    SSLCertificateKeyFile C:/Apache2/conf/ssl/my-server.key
    SSLCertificateFile C:/Apache2/conf/ssl/my-server.cert
</VirtualHost>

<VirtualHost www.real_domain2.com>
    ServerName www.real_domain.com
    DocumentRoot "C:/apache2/htdocs/domain2"
</VirtualHost>

<VirtualHost www.real_domain3.com>
    ServerName www.real_domain.com
    DocumentRoot "C:/apache2/htdocs/domain3"
</VirtualHost>

What I am doing is sending all unknown traffic to my dummy example.com domain. Lastly, use a 301 redirect in an .htaccess file in the example.com domain to redirect all https://domain.com back to [domain.com...] and everybody should end up where expected.

Like I said though, I haven't fully tested this, so if anyone sees any glaring oversights or has a better idea I would love to hear them!



jdmorgan (WebmasterWorld Senior Member, Top Contributor of All Time, 10+ Year Member)

Msg#: 3423935 posted 9:36 pm on Aug 16, 2007 (gmt 0)

That's the standard approach for name-based virtual hosting -- Put up a "default" first virtual host with an error message served for any requested URL-path that's as helpful as possible, so that any hostnames that resolve to the server (via DNS) but that are not actually hosted will land on that default server and return a 404 or 503 response.

Or, with a bit of mod_rewrite in that default virtual host, you can examine the %{HTTP_HOST} sent in the client's request header, and probably figure out which of the actually-hosted sites to 301-redirect the incorrect request to.
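
Added example, not part of the thread and not any poster's own configuration: one way to lay out the default-host approach discussed in the replies above for a single IP address with several HTTP sites and one SSL site. Hostnames, paths and certificate files reuse the first post's placeholders; `default.invalid` is an assumed dummy name, and `Listen 80` / `Listen 443` are assumed to be set elsewhere.

```apache
# Added example. Assumes mod_ssl, mod_alias and mod_rewrite are loaded and
# that "Listen 80" and "Listen 443" already appear in the main config.
# Needed on Apache 2.0/2.2 for name-based hosts; has no effect on 2.4+.
NameVirtualHost *:80

# First *:80 host is the default: any Host header that matches no
# ServerName below lands here and gets a 404, not another site's pages.
<VirtualHost *:80>
    ServerName default.invalid
    DocumentRoot "C:/apache2/htdocs/default"
    Redirect 404 /
</VirtualHost>

<VirtualHost *:80>
    ServerName www.xyz.com
    DocumentRoot "C:/apache2/htdocs/test2"
</VirtualHost>

# Only one certificate can be offered on this IP:443 without SNI, so every
# https request arrives here whatever hostname the client asked for.
<VirtualHost *:443>
    ServerName www.sslsite.com
    DocumentRoot "C:/apache2/htdocs/test"
    SSLEngine on
    SSLCertificateKeyFile C:/Apache2/conf/ssl/my-server.key
    SSLCertificateFile C:/Apache2/conf/ssl/my-server.cert

    RewriteEngine On
    # Hosted non-SSL sites asked for over https: 301 back to http.
    # The target comes from an explicit list, never from an unchecked
    # Host header, so the server cannot be used as an open redirector.
    RewriteCond %{HTTP_HOST} ^(www\.xyz\.com)(:443)?$ [NC]
    RewriteRule ^(.*)$ http://%1$1 [R=301,L]
    # Anything else that is not the SSL site itself is refused (403).
    RewriteCond %{HTTP_HOST} !^www\.sslsite\.com(:443)?$ [NC]
    RewriteRule ^ - [F]
</VirtualHost>
```

Because the certificate presented is the one for www.sslsite.com, a browser asking for https://www.xyz.com still shows a name-mismatch warning before it receives the 301; the rules only decide what is served once the visitor proceeds.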

