Catchall and redirect to other site (could be external)

Recently got some notice from my DAST security tools that https://xx.xx.xx.xx (server IP address) is accessible with invalid TLS Certificate.

I think that is the default router that runs if somebody accessing through IP and/or there is no matching registered Host at my traefik server.

How can I prevent this happening? I am thinking of instead of showing 404, it would be nice if I redirect the request to my main website at another server.

Have tried this, but doesn't work as I expected.

http:
  routers:
    catchall:
      entryPoints:
        - "web-secure"
      rule: "Host(`xx.xx.xx.xx`)"
      service: redirecttomain
      middlewares:
        - catchall
      # lowest possible priority
      # evaluated when no other router is matched
      priority: 1
  middlewares:
    catchall:
      redirectRegex:
        regex: "^https://xx.xx.xx.xx"
        replacement: "https://www.another-site.com"
        
  services:
    redirecttomain:
      loadBalancer:
        servers: {}