Typing :443 after domain name gives out info

Discussion in 'Installation/Configuration' started by supportunlimited, Nov 6, 2015.

  1. supportunlimited

    supportunlimited New Member HowtoForge Supporter

    Hi all
    A have acquired a new client that is a security type company.
    Unbeknownst to me they have started scanning and probing my servers.
    They have found that when they type :443 at the end of their domain name if lists the following
    http://***.com:443/manual
    ***.com/phpmyadmin
    http://***.com/apps/
    http://***.com:443/html/ server default page shows up
    http://***.com:443/webalizer/

    This is an ubuntu 14.04 server with the latest patches installed. I check it daily.
    I have one SSL certificate installed on the machine on a seperate IP address. I have no SSL certs installed on the main server ip.
    I have about 35 other sites on this server with all sharing the same ip.
    I am pretty sure that I have just missed something in the setup, but am not sure.
    I have searched on the internet for using Apache redirects to point them away from SSL, but there doesn't seem to be the standard entry on this site's virtual host record (/etc/apache2/sites-available/***.com-vhost

    Thoughts?
    Alex
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Probably you dont have a default ssl vhost. run:

    a2ensite default-ssl

    to enable the default vhost for ssl in ubuntu and then restart apache.
     
  3. supportunlimited

    supportunlimited New Member HowtoForge Supporter

    Thank you Till
    That worked, I was cached but now it works
    Alex
     

Share This Page