If you have a separate domain that isn't the hostname that is also pointed to your server's IP address, I would bet it works how you expect.
This bet you will definitely win, but with a bad quote.... It is no question that it will work with every other domain that is not used for hostname.
The hostname of the server *should* point to /var/www/html and not your unrouted vhost
If the hostname should point to /var/www/html in your opinion, why does cPanel use a strange looking strategy if hostname is requested? Strange because the behaviour of how a hostname is requested is quite different. As a consequence of finding no solution for what I want to get, I removed all custom settings and tested the default behaviour if the hostname is requested. If hostname is requested without www the request will be redirected to /cgi-sys/defaultwebpage.cgi. If hostname is requested with www request will be redirected to the domain that comes next in alphabetical order. This describes the similiar behaviour with my custom settings, but sorry, I can't follow this logic?! This can't be the plan of Apache.
For not getting me wrong, my intention to change and to control what should happen if hostname is requested is not for fun or because I have too much time. My hostname will be requested very often, but not by innocent users. Almost every request of hostname comes from "bad guys" to check whatever is possible to find out about my server. I have ModSecurity and CSF, both give me a good protection, but ofcourse it can't be perfect. My intention is trying to reduce the surface of attacks and if my server sends 403 header or much better if it drops the (browser) request to hostname, it could reduce the motivation to have a closer look at my server. I hope you understand what I am trying to do.
I am using cPanel/WHM for many years and I am almost happy with it, but cpanel should care a little bit more about security. This case with the hostname isn't the only thing that should be improved. With cphulk cPanel offers a solution against brute force attacks against unallowed logins, but this case is similiar to the case with requesting hostname. I have around 2000 brute force attacks dayly to WHM and every wrong login try will be blocked for 1 day. Blocking seems to be good, but costs performance and load. Ressources I need for my web applications. Access to WHM/cPanel is possible with every registered account/domain only by adding the port number to the URL. These port numbers are well known by almost everyone that has no good intention. Do you think that is a good security strategy?
Anyway, my last try to solve what I wanted to get was to add alias name to virtual host configuration, but it also fails. Depending on use of with and without www the behaviour is different. To me, it looks like that somewhere must be a configuration with a higher priority that overwrites my configuration.
So the question is where is this configuration defined and can it be changed?