Default VHOST file fo ISPC 3.2 and wrong HTTPS:// sites

Discussion in 'ISPConfig 3 Priority Support' started by Petar, Sep 22, 2021.

  1. Petar

    Petar Member HowtoForge Supporter

    Dear colleagues,
    Problem: When someone opens a https://domain.tld which is not SSL enabled and doesn't have a letsencrypt, or https://wrong.domain.tld subdomain, the server shows another users first in line SSL enabled website.

    I understand that this is expected behavior, but what is the current solution with ispconfig.vhost or similar roundabout that will show some other purposely created website of the main server or just show plain 404?

    Thanks for the support, best regards
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    That's indeed the normal behavior of Apache and Nginx web server and not ISPConfig related. Both web servers will show the first website in alphabetical order that listens on the same IP address if no better matching vhost is found. Create a new website with a fake domain name that is always first in alphabet, e.g. '000default.tld', and create a self-signed SSL cert for it to ensure it catches all wrong requests.

Share This Page