I have a webserver which contains numerous domains. One of these domains has an SSL applied to it, running on port 443 as normal.
However, because all of the domains share the same IP address, you can simply type any of the domains behind a https://
and it'll pass them to the one with the SSL!
So, if I have the following domain which has the SSL applied to it:
I can easily use:
to get to the same place! This has the effect of showing scripts under a domain that they aren't actually under.
Does anyone know how I can isolate this such that any https call to domains OTHER than the one on which the SSL exists cause a failure or redirect?