How to stop HTTPS requests for non-ssl-enabled virtual hosts from going to the first ssl-enabled virtualhost (Apache-SNI)
As the Apache docs say, when no ServerName
matches the hostname give in the web request, the first VirtualHost
matching the given IP/port combination will be used.
Thus, you merely need to give a default virtual host that serves no content, or content of your choosing, and it must be the first one parsed by Apache when it loads its configuration.
If you don't want specific hosts to be accessible via https at all, place them on a separate IP address, on which you have configured Apache not to Listen
on port 443.