Limiting Apache https responses to one site
 

Hi,

I apologize in advance if this has already been covered in another thread.

Today I configured our web server to use https for our subversion site. Apache2 hosts multiple http sites and now this https site on a single IP.

The problem is that if you try to connect to any of the hosted http sites using https you get the subversion web pages on the requested URL. Access is restricted to active directory credentials, so that limits the impact ... but it is still messy.

From what I have gathered ...

• the whole SSL thing has to happen before Apache gets the url request, so you are bound to get the cert/site-name mismatch browser error
• VirtualHost directives don't work with SSL because of the whole single cert per IP thing, otherwise I could create certs and SSL VirtualHosts with redirects to the http URL

How can I get Apache to only serve the subversion web pages to requests that use the correct URL? Can I get it to simply ignore all other URLs? Is there a way to use redirects to point to the http site?

Much Appreciated,
Al

Hi,

In named-base vhosts you can't. As you've already pointed out the ssl handshake happens before rewriting, so you get the warnings about wrong certificates when you visit the non-ssl vhosts.

This is no longer true. For apache 2.2.12 and newer, you can use SNI to define multiple ssl vhosts each with its own key/certificate

Regards

bathory,

He shoots he scores!

Many thanks,
Al