diff --git a/main.tf b/main.tf
index 9721c9a3..95e90dde 100644
--- a/main.tf
+++ b/main.tf
@@ -174,10 +174,29 @@ resource "google_compute_url_map" "https_redirect" {
 project = var.project
 count = var.https_redirect ? 1 : 0
 name = "${var.name}-https-redirect"
- default_url_redirect {
- https_redirect = true
- redirect_response_code = "MOVED_PERMANENTLY_DEFAULT"
- strip_query = false
+
+ host_rule {
+ hosts = length(var.https_redirect_domains) > 0 ? var.https_redirect_domains : ["*"]
+ path_matcher = "https-redirect-matcher"
+ }
+ path_matcher {
+ name = "https-redirect-matcher"
+ default_url_redirect {
+ https_redirect = true
+ redirect_response_code = "MOVED_PERMANENTLY_DEFAULT"
+ strip_query = false
+ }
+ }
+ default_route_action {
+ weighted_backend_services {
+ backend_service = google_compute_backend_service.default[keys(var.backends)[0]].self_link
+ }
+ fault_injection_policy {
+ abort {
+ http_status = 404
+ percentage = 100
+ }
+ }
 }
 }
 
diff --git a/variables.tf b/variables.tf
index 83a86fdf..586dd768 100644
--- a/variables.tf
+++ b/variables.tf
@@ -275,6 +275,15 @@ variable "https_redirect" {
 default = false
 }
 
+variable "https_redirect_domains" {
+ type = list(string)
+ default = []
+ validation {
+ condition = !(length(var.https_redirect_domains) == 1 && var.https_redirect_domains[0] == "")
+ error_message = "The variable 'https_redirect_domains' must not contain a single empty string (['']). Use an empty list ([]) if no domains are provided. The gcloud bash script might be failing to get the SAN list"
+ }
+}
+
 variable "random_certificate_suffix" {
 description = "Bool to enable/disable random certificate name generation. Set and keep this to true if you need to change the SSL cert."
 type = bool
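Review bot: The new `default_route_action` routes every request whose Host is not in `https_redirect_domains` to a real backend service, `google_compute_backend_service.default[keys(var.backends)[0]]`, and only the 100% `fault_injection_policy` abort stops it there. The plain-HTTP listener therefore fails open if that abort is ever not applied, so it is worth confirming that the load-balancing scheme this module uses honours fault injection on this URL map. A comment above the block would record the intent, for example `# Deny-by-default for hosts outside https_redirect_domains: the abort must stay at 100% so this backend never receives plain-HTTP traffic.` `keys(var.backends)[0]` also selects whichever backend key sorts first and will error when `var.backends` is empty while `https_redirect` is true. The resource body starts above the hunk.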
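Review bot: The validation on `https_redirect_domains` rejects only the exact value `[""]`, so a list with an empty entry next to a valid one, or an entry of only whitespace, still passes; `condition = alltrue([for d in var.https_redirect_domains : trimspace(d) != ""])` would check every element. An empty list is accepted and, per the `host_rule` in main.tf, widens the redirect to `["*"]`. If the list is produced by the script the error message mentions (not visible in this diff), a lookup that returns nothing would silently drop the host restriction rather than fail. The variable also has no `description`, unlike `random_certificate_suffix` below it; `description = "Hostnames the HTTP-to-HTTPS redirect applies to; an empty list matches all hosts."` would document that fallback.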