Stop server from leaking SSL information
If the application is served through a WAF, you don't want anyone to bypass the WAF by accessing the server using its IP address.
Cloudways gives us the option to disable access to the application using the IP address only (apache Access Application via IP). However, the web server is still responding to SSL requests, thus leaking the certificate information that would include the common name.
The SSL certificate should only be presented to the WAF/requests using the hostname/URL and not by accessing the IP address.
It seems that cloudways is using nginx as a reverse proxy in front of apache. Nginx ≥ 1.19.4 has an option to reject ssl handshakes (sslrejecthandshake). This could be used to stop infomation leakage.
Please offer an option to properly shield origin servers behind a WAF.