Apache-2.2

為什麼 httpd 在 SSL 模式下會處理對錯誤主機名的請求?

  • November 10, 2013

我的網站有一個啟用 SSL 的虛擬主機example.com:10443

Listen 10443
<VirtualHost _default_:10443>
 ServerName example.com:10443
 ServerAdmin admin@example.com
 ErrorLog "/var/log/httpd/error_log"
 TransferLog "/var/log/httpd/access_log"
 SSLEngine on
 SSLProtocol all -SSLv2
 SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
 SSLCertificateFile "/etc/ssl/private/example.com.crt"
 SSLCertificateKeyFile "/etc/ssl/private/example.com.key"
 SSLCertificateChainFile "/etc/ssl/private/sub.class1.server.ca.pem"
 SSLCACertificateFile "/etc/ssl/private/StartCom.pem"
</VirtualHost>

瀏覽到https://example.com:10443/>按預期工作。但是,瀏覽到<https://subdomain.example.com:10443/(設置了 DNS)也會顯示相同的頁面(在 SSL 證書警告之後)。我本來希望該指令ServerName example.com:10443拒絕與其他伺服器名稱的所有連接嘗試。

如何告訴虛擬主機不要為頂級 URL 以外的 URL 提供請求?

您尚未啟用NameVirtualHost,因此_default_會將與您的伺服器的任何連接發送到配置。像這樣試試。我添加了間距以提高可讀性

NameVirtualHost *:10443
Listen 10443

&lt;VirtualHost *:10443&gt;
 ServerName example.com:10443
 ServerAlias example.com:10443
 ServerAdmin admin@example.com

 ErrorLog "/var/log/httpd/error_log"
 TransferLog "/var/log/httpd/access_log"

 SSLEngine on
 SSLProtocol all -SSLv2
 SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
 SSLCertificateFile "/etc/ssl/private/example.com.crt"
 SSLCertificateKeyFile "/etc/ssl/private/example.com.key"
 SSLCertificateChainFile "/etc/ssl/private/sub.class1.server.ca.pem"
 SSLCACertificateFile "/etc/ssl/private/StartCom.pem"

&lt;/VirtualHost&gt;

引用自:https://serverfault.com/questions/551788