virtualhosts ssl non ssl

4:29 pm on Aug 16, 2007 (gmt 0)

New User

5+ Year Member

joined:Aug 16, 2007
votes: 0

Hi, I am running Apache 2 on Windows with mod_ssl, and the server has one IP address, multiple non-SSL sites and one SSL site. Everything seemed fine: when they went to [sslsite.com...] the cert came up fine.
When people went to [xyx.com...] etc., everything also went fine. But then someone happened to put in [xyz.com...] and the data for site [sslsite.com...] is displayed. Any help with this would be much appreciated. Below is an example of my vhost setup:

<IfModule ssl_module>
SSLMutex default
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
SSLSessionCache none
<IfDefine SSL>
<VirtualHost www.pchweb2.com>
ServerName www.sslsite.com
DocumentRoot "C:/apache2/htdocs/test"
DirectoryIndex index.html
SSLEngine on
SSLCertificateKeyFile C:/Apache2/conf/ssl/my-server.key
SSLCertificateFile C:/Apache2/conf/ssl/my-server.cert
</VirtualHost>
</IfDefine>
</IfModule>

<VirtualHost www.xyz.com:80>
ServerName www.pchweb22.com
DocumentRoot "C:/apache2/htdocs/test2"
DirectoryIndex index.html
</VirtualHost>

7:22 pm on Aug 16, 2007 (gmt 0)

Junior Member

10+ Year Member

joined:Oct 15, 2005
votes: 0

I am a newbie at this whole Apache server stuff, but your situation is one of the many things that I need to figure out before I can start hosting my own sites on my own server.

I have searched a bit for a solution to the problem but have yet to find the perfect answer. Two things are coming into play:

1) In a virtualhost scenario, if a request is received for a server name that is not defined it defaults to the first virtualhost.

2) The server name being requested is not available in the SSL packet.

In your setup, you have one virtualhost on port 80, and one SSL virtualhost on port 443? But the server name isn't available with SSL - so all port 443 traffic will be sent to the first (default) virtualhost.

I found one solution to the problem. Set up one virtualhost specifically on port 80, something like ipaddress:80, then set up a regular host specifically on port 443 - ipaddress:443. This will keep people from getting the wrong page, but the trade-off is that inputting the other domains with the https protocol will get a server not found error - not the ideal solution.

I came up with my own solution to this problem, but I haven't tested this fully so proceed with caution :)

# Literally use "example.com" in this first (default) block
<VirtualHost www.example.com>
ServerName www.example.com
DocumentRoot "C:/apache2/htdocs/default"
</VirtualHost>

<VirtualHost www.real_domain1.com:80>
ServerName www.real_domain1.com:80
DocumentRoot "C:/apache2/htdocs/domain1"
</VirtualHost>

<VirtualHost www.real_domain1.com:443>
ServerName www.real_domain1.com:443
DocumentRoot "C:/apache2/htdocs/domain1"
SSLEngine on
SSLCertificateKeyFile C:/Apache2/conf/ssl/my-server.key
SSLCertificateFile C:/Apache2/conf/ssl/my-server.cert
</VirtualHost>

<VirtualHost www.real_domain2.com>
ServerName www.real_domain2.com
DocumentRoot "C:/apache2/htdocs/domain2"
</VirtualHost>

<VirtualHost www.real_domain3.com>
ServerName www.real_domain3.com
DocumentRoot "C:/apache2/htdocs/domain3"
</VirtualHost>

What I am doing is sending all unknown traffic to my dummy example.com domain. Lastly, use a 301 redirect in an .htaccess file in the example.com domain to redirect all [domain.com...] back to [domain.com...] and everybody should end up where expected.

Like I said though, I haven't fully tested this, so if anyone sees any glaring oversights or a better idea I would love to hear them!


9:36 pm on Aug 16, 2007 (gmt 0)

Senior Member

WebmasterWorld Senior Member jdmorgan is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Mar 31, 2002
votes: 0

That's the standard approach for name-based virtual hosting -- Put up a "default" first virtual host with an error message served for any requested URL-path that's as helpful as possible, so that any hostnames that resolve to the server (via DNS) but that are not actually hosted will land on that default server and return a 404 or 503 response.

Or, with a bit of mod_rewrite in that default virtual host, you can examine the %{HTTP_HOST} sent in the client's request header, and probably figure out which of the actually-hosted sites to 301-redirect the incorrect request to.
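
The default-host approach from the replies above, written out as an added example (not configuration posted by anyone in the thread). It reuses the thread's placeholder hostnames and paths; the `*:80`/`*:443` wildcards, the `default.invalid` name and the choice to answer unknown hosts with a 404 are assumptions.

```apache
# Needed on Apache 2.2 and earlier; Apache 2.4 ignores it with a warning.
NameVirtualHost *:80

# First *:80 block: the default for any Host header no later block claims.
<VirtualHost *:80>
    ServerName default.invalid
    DocumentRoot "C:/apache2/htdocs/default"
    RewriteEngine On
    # A recognisable variant of a hosted name goes to its canonical form.
    RewriteCond %{HTTP_HOST} ^xyz\.com(:80)?$ [NC]
    RewriteRule ^ http://www.xyz.com%{REQUEST_URI} [R=301,L]
    # Any other hostname that merely resolves to this server gets a 404.
    RewriteRule ^ - [R=404,L]
</VirtualHost>

<VirtualHost *:80>
    ServerName www.xyz.com
    DocumentRoot "C:/apache2/htdocs/test2"
    DirectoryIndex index.html
</VirtualHost>

# The only *:443 block, so every HTTPS request on this IP arrives here,
# whatever hostname the client typed. The certificate is presented during
# the handshake, before these rules run, so a browser asking for
# https://xyz.com still shows a name-mismatch warning before the redirect.
<VirtualHost *:443>
    ServerName www.sslsite.com
    DocumentRoot "C:/apache2/htdocs/test"
    DirectoryIndex index.html
    SSLEngine on
    SSLCertificateKeyFile C:/Apache2/conf/ssl/my-server.key
    SSLCertificateFile C:/Apache2/conf/ssl/my-server.cert
    RewriteEngine On
    # A plain-HTTP site requested over HTTPS: send it back to HTTP.
    # The target is a fixed name, not the client-supplied Host header.
    RewriteCond %{HTTP_HOST} ^(www\.)?xyz\.com(:443)?$ [NC]
    RewriteRule ^ http://www.xyz.com%{REQUEST_URI} [R=301,L]
    # Anything else that is not the SSL site must not see its content.
    RewriteCond %{HTTP_HOST} !^www\.sslsite\.com(:443)?$ [NC]
    RewriteRule ^ - [R=404,L]
</VirtualHost>
```

Running `httpd -S` after a change prints which block Apache treats as the default for each address and port.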


