^^^ That is not something that is possible. A Domain name is just a lookup record. When you say ‘Connect to xrobau.com’, what your computer does is say ‘Hey, DNS, what’s the address of xrobau.com?’ - DNS says ‘xrobau.com is at 1.2.3.4’ and your computer then connects to 1.2.3.4.
What @dicko MIGHT be trying to say is ‘only allow connections via https’, which doesn’t really achieve anything, apart from stopping man in the middle attacks, and co-incidentally, making it easier to figure out the hostname of a machine.
For example, let’s pick a random machine on the internet, 199.102.239.8 (which just happens to be mirror.freepbx.org) and try to figure out what it is:
[root@freepbx ~]# openssl s_client -connect 199.102.239.8:443 < /dev/null 2>/dev/null | openssl x509 -noout -text | grep CN=
Issuer: C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http://certs.godaddy.com/repository/, CN=Go Daddy Secure Certificate Authority - G2
Subject: OU=Domain Control Validated, CN=*.freepbx.org
[root@freepbx ~]#
That’s saying the certificate is ‘*.freepbx.org’. From an IP address, I’ve learned that it has something to do with freepbx.org. I could then look at apache headers, etc.
The only way to properly secure a machine is with a real firewall - and noticing that fortigate was mentioned earlier in this thread - fortigate is NOT a real firewall.