Skip to content

Default apache vhost (Kind of security)

Currently if someone points a domain to an ISPConfig managed server it will display the first loaded vHost on that IP.

This MR adds an "unnamed" vHost for every IP:Port-combination as well as a default index for duch cases. Further an SSL-Certificate will be generated on setup/update once to be able to also have a default ssl vHost - BUT the SSL-vHost will not show any page (as the corresponding domain might be configured witout SSL) but redirects the request to HTTP instead. Of course a certificate warning will always be issued when someone lands on the default vHost but its at least under control and not displaying semi-randomly some clients data.

From client-view its some kind of security improvement.

Merge request reports