✅ SSL 基本配置正确, HTTP200
❌ 限制空头主机和非法域名 HTTP403 500 ... ...
第一次手工配置 Apache ,参考配置文件里的注释和文档
首先用一个<VirtualHost _default_:443>(或<VirtualHost *:443> 或<VirtualHost ***IPAddress***:443>)来处理空头主机和非法域名。
然后又试过用<VirtualHost www.example.com:443>(或<VirtualHost _default_:443>)再加一个 ServerName 来响应我的域名。
✅ 已解决,用 .htaccess 来限制域名
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_HOST} !^www.example.com$ [NC]
RewriteCond %{HTTP_HOST} !^example.com$ [NC]
RewriteRule ^.* - [F,L]
</IfModule>
另一个办法: 将 ServerName 绑定为服务器ip,ServerAlias 泛指所有域名
<VirtualHost *:80>
ServerName 0.0.0.0
ServerAlias *
<Location />
Order Allow,Deny
Deny from all
</Location>
</VirtualHost>
<VirtualHost *:443>
ServerName 0.0.0.0
ServerAlias *
<Location />
Order Allow,Deny
Deny from all
</Location>
</VirtualHost>
或者用 .htaccess
#这里将IP重定向到域名
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTP_HOST} ^8.8.8.8$ [NC]
RewriteRule (.*) https://www.example.com/$1 [R=301,L]
</IfModule>
#这里将向除了主域名和IP的地址的域返回HTTP404
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTP_HOST} !^www.example.com$ [NC]
RewriteCond %{HTTP_HOST} !^example.com$ [NC]
RewriteCond %{HTTP_HOST} !^8.8.8.8$ [NC]
RewriteRule (.*) 404 [L]
</IfModule>
#强制HTTPS
# BEGIN HTTPS Strict
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
</IfModule>
# END HTTPS Strict