Apache-2.2
為什麼 httpd 在 SSL 模式下會處理對錯誤主機名的請求?
我的網站有一個啟用 SSL 的虛擬主機
example.com:10443
Listen 10443 <VirtualHost _default_:10443> ServerName example.com:10443 ServerAdmin admin@example.com ErrorLog "/var/log/httpd/error_log" TransferLog "/var/log/httpd/access_log" SSLEngine on SSLProtocol all -SSLv2 SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5 SSLCertificateFile "/etc/ssl/private/example.com.crt" SSLCertificateKeyFile "/etc/ssl/private/example.com.key" SSLCertificateChainFile "/etc/ssl/private/sub.class1.server.ca.pem" SSLCACertificateFile "/etc/ssl/private/StartCom.pem" </VirtualHost>
瀏覽到https://example.com:10443/>按預期工作。但是,瀏覽到<https://subdomain.example.com:10443/(設置了 DNS)也會顯示相同的頁面(在 SSL 證書警告之後)。我本來希望該指令
ServerName example.com:10443
拒絕與其他伺服器名稱的所有連接嘗試。如何告訴虛擬主機不要為頂級 URL 以外的 URL 提供請求?
您尚未啟用
NameVirtualHost
,因此_default_
會將與您的伺服器的任何連接發送到配置。像這樣試試。我添加了間距以提高可讀性NameVirtualHost *:10443 Listen 10443 <VirtualHost *:10443> ServerName example.com:10443 ServerAlias example.com:10443 ServerAdmin admin@example.com ErrorLog "/var/log/httpd/error_log" TransferLog "/var/log/httpd/access_log" SSLEngine on SSLProtocol all -SSLv2 SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5 SSLCertificateFile "/etc/ssl/private/example.com.crt" SSLCertificateKeyFile "/etc/ssl/private/example.com.key" SSLCertificateChainFile "/etc/ssl/private/sub.class1.server.ca.pem" SSLCACertificateFile "/etc/ssl/private/StartCom.pem" </VirtualHost>