SSL and named-based VirtualHost

I currently manage about 10 sites, each with a different domain name, on a single IP using name-based virtualhost.

What I have problem here is that after setting up mod_ssl on the server, the secure directory that should be accessed only through an SSL enabled domain can be accessed using any domain name configured under VirtualHost directives in httpd.conf.

For example, in my httpd.conf:

<VirtualHost xxx.xxx.xxx:80>
ServerName www.mydomain.com
DocumentRoot /home/mydomain/public_html
...
</VirtualHost>

<IfDefine SSL>
LoadModule ssl_module libexec/libssl.so
Listen 443
<VirtualHost xxx.xxx.xxx:443>
ServerName secure.mydomain.com
DocumentRoot /home/mydomain/ssl
SSLEngine On
...
</VirtualHost>
</IfDefine>

<VirtualHost xxx.xxx.xxx:80>
ServerName www.anotherdomain.com
DocumentRoot /home/anotherdomain/public_html
...
</VirtualHost>

I do not want people to be able to access the secure directory ( /home/mydomain/ssl ) using https://www.anotherdomain.com/, but want it to be accessed only through https://secure.mydomain.com/. Isn't this the way it should work with the above configuration?

Thanks in advance for all your help

 

 

 

 

Top