I have a web server [Apache 2.4.62 on a RedHat9 server] that receives an SSL 
request for the address "https://1.2.3.4/" (with the real server IP), the 
server will reply by sending its certificate back and then I assume the client 
compares the hostname on the cert and sees that it doesn't match what it sent 
in the SSL ClientHello message and so issues a warning to the user about an 
unsafe site. Is there a way to just deny such HelloClient messages from 
mod_ssl, perhaps an option or other setting? In other words, force people to 
come to the site by hostname, not IP address.
It appears that the HelloClient message has the target hostname within it, so 
mod_ssl should be able to say "ok, this hostname is *not* in my server cert(s), 
I'm not going to talk to this guy. reject."
Since this seems like something it should already do, I'm probably missing some 
configuration option, but I know this is happening with a few servers in my 
organization.
I could probably get around this by having the IP address put into the server 
certificate and then remapping a virtual host, but the issuer is frowning on 
that type of cert.

Is there a way to block IP connection attempts?

Laurence Schuler

NASA Scientific Visualization Studio Systems Administrator

ADNET SYSTEMS, Inc.

7515 Mission Drive, Suite A100, Lanham, MD 20706
c: 410.739.0893
o: 301.286.3557

laurence.schu...@nasa.gov
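
One way to refuse by-IP requests with stock mod_ssl and core directives, shown as an added example that is not part of the original post: a catch-all first virtual host that denies everything, with `SSLStrictSNIVHostCheck` enabled. The hostnames, certificate paths and DocumentRoot are placeholders.

```apache
# Added example; all names and paths below are placeholders.

# 1) Catch-all. The first <VirtualHost> for an address:port is the default,
#    so it handles every request whose SNI/Host matches no ServerName below,
#    including https://<server-ip>/ (a client connecting to an IP literal
#    sends no SNI; RFC 6066 does not allow IP addresses in that field).
<VirtualHost *:443>
    ServerName catchall.invalid

    SSLEngine on
    # Throwaway self-signed certificate, so by-IP probes are not handed
    # the production certificate and the hostnames listed in it.
    SSLCertificateFile    /etc/pki/tls/certs/catchall-selfsigned.crt
    SSLCertificateKeyFile /etc/pki/tls/private/catchall-selfsigned.key

    # Set in the default vhost: clients that send no SNI are refused on
    # every name-based vhost sharing this address:port.
    SSLStrictSNIVHostCheck on

    # Anything that still lands here gets 403.
    <Location "/">
        Require all denied
    </Location>
</VirtualHost>

# 2) The real site, reachable only by its hostname.
<VirtualHost *:443>
    ServerName www.example.org

    SSLEngine on
    SSLCertificateFile    /etc/pki/tls/certs/www.example.org.crt
    SSLCertificateKeyFile /etc/pki/tls/private/www.example.org.key

    DocumentRoot /var/www/html
</VirtualHost>
```

The TLS handshake still completes with the catch-all certificate; the refusal is an HTTP 403 sent afterwards, so a browser connecting by IP shows a certificate warning for the placeholder certificate and then the denial. Load order matters: the catch-all must be the first `*:443` virtual host Apache reads.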