The easiest way to do this is to make sure you have the correct hostname
in the virtual host - the one that matches your certificate and another
virtual host which has no hostname in it to catch all the other requests.
<VirtualHost *:*>
.... return a forbidden response for all requests!
RewriteEngine On
RewriteRule ^(.*)$ - [L,F]
</VirtualHost>
<VirtualHost *:*>
ServerName your.real.host.com
... real config...
</VirtualHost>
On 08/02/2018 16:46, Houser, Rick wrote:
In addition to fixing your certificate, you may have a reason to make
sure the host header they send is correct. If they are reaching you
via an alternate hostname or something that’s getting them to the
correct IP, but shouldn’t be supported for your service, stopping them
from doing that might take aware the incentive they see to disabling
the hostname verification in the first place.
Rick Houser
Web Engineer
*From:* Eric Covener [mailto:cove...@gmail.com]
*Sent:* Thursday, February 08, 2018 11:19
*To:* users@httpd.apache.org
*Subject:* Re: [users@httpd] SSL Certificate Validation
*EXTERNAL EMAIL*
On Thu, Feb 8, 2018 at 7:36 AM, Belmona, Nizar <nbelm...@cscgroup.com
<mailto:nbelm...@cscgroup.com>> wrote:
Thanks Rainer and Daniel.
Sorry for the confusion and please let me clarify.
We have a web server with Apache 2.2.22 with OpenSSL 0.9.8t, the
Apache service launches fine and the users/developers are able to
connect however developers through their code bypass the Server
SSL certificate verification. I am not worried about the client
certificate validation since we are not using it, all the concern
is we need to stop users bypassing the Server SSL verification who
are claiming they have to bypass it since the certificate name
doesn’t match the server name in the link being called. Kindly
note that configuration in hhtpd.conf is:
You can't stop them unless you control the client. You only control
the server. The only thing you could do is provide a better certificate.
--
The Wellcome Sanger Institute is operated by Genome Research
Limited, a charity registered in England with number 1021457 and a
company registered in England with number 2742969, whose registered
office is 215 Euston Road, London, NW1 2BE.
