Limit SSL to only one virtual host domain
In the past, I've used htaccess to forward an SSL request to other virtual hosts to the appropriate ssl domain. This required an edit to the htaccess for each virtual host. But, is there a better way?
I basically want to limit SSL requests to the ssl.domain.com virtual host, and for SSL requests to other virtual hosts to fail.
When you make a TLS request, the server doesn't yet know which domain the client is after, because the request for the domain itself is encrypted. Like I said, I'm no expert, so I'm having a hard time explaining it, but it basically works like this:
Browser finds out what
Browser connects to server at 18.104.22.168, port 80, requests contents of
Now, an encrypted connection:
Browser finds it's 22.214.171.124.
Browser connects to server at 126.96.36.199, port 443.
Browser requests an encrypted channel with server.
Server responds, all subsequent communication takes place on the encrypted channel.
Browser requests contents of ssl.domain.com.
See, since the encryption starts before the browser asks for a specific domain, the connection cannot be refused, by design.
The only way to achieve what you want, that I know of, is to add another IP and have the server listen to encrypted requests on that IP only.
Hope that makes sense.
edit: I went to WP to see if I could find an article that would explain the problem better, and I found there is a solution to the issue, it's called Server Name Indication.
E.g., just don't define a virtual domain
And of course, if your SSL certificate is just for ssl.domain.com, then your clients are likely to get browser warnings anyway when trying to connect at
It's not the same as refusing the network connection entirely, but perhaps just as suitable for your purposes.
So, while you can have more than one vhost, you can have only one certificate.
In other words, even if you set up the server to reject access on the basis of HTTP_HOST, it'll look like
Browser: WARNING, certificate issued for sslenabled.example, do you want to continue?
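An added example, not part of the thread: one way to confine HTTPS content to ssl.domain.com in a single place rather than in each virtual host's htaccess, assuming Apache 2.4 with mod_ssl and name-based virtual hosts on port 443. The certificate paths, the DocumentRoot and the `default.invalid` name are placeholders.

```apache
# Added example (not from the thread). Assumes Apache 2.4 + mod_ssl.
# All file paths and the default.invalid name below are placeholders.

# Refuse clients that send no SNI hostname instead of silently
# handing them the default virtual host.
SSLStrictSNIVHostCheck on

# The FIRST *:443 virtual host is the default: any HTTPS request whose
# hostname is not matched by a later ServerName lands here and is denied.
<VirtualHost *:443>
    ServerName default.invalid

    SSLEngine on
    # Only one certificate exists, so the catch-all has to reuse it.
    SSLCertificateFile    /path/to/ssl.domain.com.crt
    SSLCertificateKeyFile /path/to/ssl.domain.com.key

    # No content is served from the catch-all; every request gets 403.
    <Location "/">
        Require all denied
    </Location>
</VirtualHost>

# The only virtual host that serves content over HTTPS.
<VirtualHost *:443>
    ServerName ssl.domain.com

    SSLEngine on
    SSLCertificateFile    /path/to/ssl.domain.com.crt
    SSLCertificateKeyFile /path/to/ssl.domain.com.key

    DocumentRoot /path/to/ssl-site
</VirtualHost>

# The other domains stay on plain HTTP and need no per-host SSL rules.
<VirtualHost *:80>
    ServerName www.domain.com
    DocumentRoot /path/to/www-site
</VirtualHost>
```

The TLS handshake still completes for other hostnames, so a visitor sees the certificate-mismatch warning first and the 403 only after continuing past it.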