apache22 is it possible - redirect/restrict https to only one name?



Reaction score: 10
Messages: 71

Hello guys :)

I have the following situation:
I have web server with ip 94.236.xx.yy and couple of names registered to this ip in our dns server - http://www.domain.com, test1.domain.com, test2.domain.com. I have bought certificate from godaddy.com and it is valid for test.domain.com and http://www.test.domain.com

When I access the web server with https://test.domain.com - it is ok. But when i try to access it with https://94.236.xx.yy or https://test2.domain.com or any other way i got "invalid security certificate waring"... and i have to add manual exception in firefox.

Is it possible ot redirect all https requests to this machine to https://test.domain.com , before the client get security warning?
Or if this is impossible, could it be limited the https access to only https://test.domain.com -- any other requests to get other warning ... or error or whatever .. just not "invalid certificate".

Yes for :443 I need only one virtualhost. For :80 I have couple vhost and for the main one I have used rewrite to make the address always be http://www.domain.com, but for https I could not use rewrite :( because before the rewrite do its job I got the "invalid cert error" in the browser...

10x in advance :)
If needed I will post more info/confs/logs..

apache 2.2.11/freebsd 7.1-release


Staff member

Reaction score: 2,767
Messages: 11,277

I don't think it can be done, because the SSL exchange takes place before the ServerName stuff in httpd-ssl.conf gets evaluated. So if you have several DNS names pointing to the same IP address, they will all respond to an https request, simply because SSL is availble on your.ip.com:443. I played around with some ServerName + Redirect statements in httpd-ssl.conf, but those cannot be evaluated until the SSL phase has been completed. There is absolutely no problem doing it the other way around (redirecting http to https from httpd-vhosts.conf), which is how I redirect http requests to my webmail to the https server.