I can think of two solutions (not sure if whether both of them turns out to be 'NOT ELIGENT' solutions) 1. Within the virtual host section of foo.com:443, you could do the following: SetEnvIfNoCase Host bar\.com bar SetEnvIfNoCase Host bar\.org bar (above sets two environment variable bar if the HTTP header Host field contains bar.com OR bar.org). Then in your <Directory> section of DocumentRoot (say if it is /d1/d2 ) <Directory /d1/d2> ... ... .. Allow from env!=bar </Directory> Which actually blocks access to any page.... You can use the above in <Location> Also.
2. Use mod_rewrite (RewriteCond which checks the HOST & RewriteRule) inside the virtualhost to redirect to any error page. Rajidhar Etta eComServer, Inc 609.951.8500 (x 192) 609.203.3697 (Cell) -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Phil Hagen Sent: Tuesday, January 01, 2002 11:21 PM To: [EMAIL PROTECTED] Subject: name-based vhost woes -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Greetings! With the help of the mailing list archives, I've gotten SSL transactions functional on one name-based vhost, and other non-SSL vhosts working as well. I understand that I can only have one port 443 server name running on the machine. However, is it possible to have apache generate an error message of some sort when trying to https:// to one of the non-SSL vhosts? For example consider the following configurations: - - foo.com:80 - - foo.com:443 - - bar.com:80 - - bar.org:80 - - etc. With an http://foo.com, all works as expected, an https://foo.com works properly, as do http://bar.com and http://bar.org. However, when entering https://bar.com or https://bar.org, I get a warning that the server is offering a certificate for a differently-named server. If I opt to accept it anyway under NS, I get the contents of https://foo.com, though the location bar shows https://bar.com. Is it possible to have an https request to the non-SSL vhosts get killed without rolling over to the one SSL config? Thanks for the great support lists, and excellent code! - -Phil Hagen - -- http://identityvector.com/~phil/ (PGP Key, software, etc) PGP key also at http://www.keyserver.net -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iEYEARECAAYFAjwyiqAACgkQ/5g75OFK7JNJuQCdHsGvuP3T4Wywsr8S8McFVDGS vBwAn1YXl2XHsDYV5l45MWMDkAHRCb2s =Qhmt -----END PGP SIGNATURE----- ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
