apache https applies to other http vhosts

Question

I've searched a lot, i also tried lots of thing but still cannot find the problem.

I have an apache 2.2.22 server installed on an ubuntu server 12.04 lts. I have a number of http virtual hosts and 2 https vhosts. Everything works fine, but the strange thing is that if i give on my browser one of my http sites, with https instead, it redirects me to the actual https site. This is very awkward an i really don't know what is causing it.

Has anyone faced that too? and can you help with this? Thanks in advance

Answer 1

HTTP and HTTPS are different protocols on different ports. If you hit HTTPS apache will only "see" the https vhosts. If you hit HTTP Apache will only "see" the http vhosts. If you wish to rewrite one to the other then you need to do so explicitly.

Answer 2

It's not clear what you are asking, but there's two potential problems:

1) Apache will attempt to find the best vhost to match to and default to the first vhost that matches the IP address and port if nothing else matches, which sometimes causes unexpected results to those who don't understand this.

So if you have the following:

NameVirtualHost *:80

<VirtualHost *:80>
    ServerName www.example1.com
    DocumentRoot /www/example1/htdocs
</VirtualHost>

<VirtualHost *:80>
    ServerName www.example2.com
    DocumentRoot /www/example2/htdocs
</VirtualHost>

<VirtualHost *:443>
    ServerName www.example1.com
    DocumentRoot /www/example1/htdocs
</VirtualHost>

You might be surprised what happens when you try to go to https://www.example2.com. You might think it would either error out, or serve the example2 site over https but actually what Apache does is look for a match on port 443 and, when it fails to find an exact match it defaults to the first match and so serves up the same as https://www.example1.com.

2) Alternatively if you mean you have this config:

NameVirtualHost *:80

<VirtualHost *:80>
    ServerName www.example1.com
    DocumentRoot /www/example1/htdocs
</VirtualHost>

<VirtualHost *:80>
    ServerName www.example2.com
    DocumentRoot /www/example2/htdocs
</VirtualHost>

NameVirtualHost *:443

<VirtualHost *:443>
    ServerName www.example1.com
    SSLCertificateFile /ssl/cert1.crt
    DocumentRoot /www/example1/htdocs
</VirtualHost>

<VirtualHost *:443>
    ServerName www.example2.com
    SSLCertificateFile /ssl/cert2.crt
    DocumentRoot /www/example2/htdocs
</VirtualHost>

Then in this case you would hope that https://www.example2.com would work.

The problem is that normally https requests are initially made to the IP address, without passing the servername so Apache doesn't know which one you want, so again it assumes the first and passes back cert1.crt to set up the session, which may be incorrect. After the https session is set up, it gets the ServerName and can correctly route the request.

An update to https called SNI (Server Name Indication) allows the ServerName to be passed with the initial request so the correct cert will be used, but this depends on you're server using OpenSSL 0.9.8f or higher and which browser you are using (notably not IE on Windows XP which doesn't support this). There are work arounds if this is an issue (use same cert for both assuming it covers both domains, or use different IP addresses for each domain).