The Wrong Website

Posted: 01/10/14

You would think certificate warnings would put people off

This afternoon I got a very confused member of the public wanting to know when a particular website they wanted would be up, and why our web site was coming up instead.

Needless to say I was a bit bemused by this. The website in question was one that we host, but as nothing had changed on that site for several months, it's apparent replacement by our website was worrying.

A little further probing revealed the the domain name had been entered correctly, so that ruled out something odd with the DNS pointing to us and the possible response by the web server to serve the first defined virtual host.

I asked the user to try searching the site through Google, which they did and then mentioned casually, that there was no https this time. The light bulb came on: Since there can be only one site per IP address when it comes to https sites, our site which was running on the server's main IP was being served up. I tried it myself, and after ignoring the copious amounts of certificate warnings, I was presented with our own site, running in another URL.

Quite why the user decided to ignore all the warnings is quite another matter. However, to prevent this happening again, a little mod-rewrite in the SSL virtual host container was required:

RewriteEngine On
RewriteCond %{HTTP_HOST} !^jero\.co\.nz$ [NC]
RewriteRule . http://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

English translation: If the host requested does not end in jero.co.nz, redirect to a normal http host and append the requested path for good measure.