I currently manage about 10 sites, each with a different domain name, on a single IP using name-based virtualhost.

What I have problem here is that after setting up mod_ssl on the server, the secure directory that should be accessed only through an SSL enabled domain can be accessed using any domain name configured under VirtualHost directives in httpd.conf.

For example, in my httpd.conf:

<VirtualHost xxx.xxx.xxx:80>
ServerName www.mydomain.com
DocumentRoot /home/mydomain/public_html
...
</VirtualHost>

<IfDefine SSL>
LoadModule ssl_module libexec/libssl.so
Listen 443
<VirtualHost xxx.xxx.xxx:443>
ServerName secure.mydomain.com
DocumentRoot /home/mydomain/ssl
SSLEngine On
...
</VirtualHost>
</IfDefine>

<VirtualHost xxx.xxx.xxx:80>
ServerName www.anotherdomain.com
DocumentRoot /home/anotherdomain/public_html
...
</VirtualHost>

I do not want people to be able to access the secure directory ( /home/mydomain/ssl ) using https://www.anotherdomain.com/, but want it to be accessed only through https://secure.mydomain.com/. Isn't this the way it should work with the above configuration?

Thanks in advance for all your help

I'm not sure I understand the problem. How are they able to access the directory "/home/mydomain/ssl" without using "secure.mydomain.com" in the example configuration you just posted?

I don't know.. but when I type in https://www.anotherdomain.com/ on my browser, I can access the contents in /home/mydomain/ssl
:(

Then it seems there is a problem with your configuration other than what you have posted here. Curious. Do you have a NameVirtualHost entry for the IP that all of these sites are being hosted off of?