Redirect all access on IP address to domain name need to click proceed to redirect

carlbasabe

9/13/23, 3:48 AM

I have this config in my apache:

<VirtualHost *:80>

    ServerName default

    <Location />
        Redirect / https://domain.name
    </Location>
</VirtualHost>

<VirtualHost *:443>

     ServerName default
     SSLEngine On
     SSLCertificateFile fullchain.pem
     SSLCertificateKeyFile privkey.pem
     SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire

    <Location />
        Redirect / https://domain.name
    </Location>

     ErrorLog /var/log/httpd/error_log
     CustomLog /var/log/httpd/access_log combined

</VirtualHost>

When I access IP_ADDRESS or http://IP_ADDRESS on browser it redirects to https://domain.name But when I try to access https://IP_ADDRESS it redirects to the page where you need to click proceed when you have a self signed cert. Thanks in advance.

0 + 0

centos

apache-2.4

Score:0

Server

Rob

9/13/23, 10:21 AM

https://IP_ADDRESS it redirects to the page where you need to click proceed when you have a self signed cert.

That is not exactly a "redirect", but a warning page that gets generated by your webbrowser.

The cause is the same though as with a self-signed certificate: your web server can't provide a valid SSL certificate for address you entered in the address bar of your web browser, i.e. there is no valid certificate offered by your webserver that contains your IP-address. Your typical SSL certificate is only valid for one or more hostnames, www.example.com , example.net or maybe a wildcard *.example.com and not for bare IP-addresses.

The simple solution for that is:

don't enter https://IP_ADDRESS in your address bar, use your domainname

The alternative would be to get a valid certificate issued for your IP-address. Normal visitors to your website will never enter an IP-address to visit your site though and in almost all cases there is no business need to do so.

0 + 0

carlbasabe

9/13/23, 12:25 PM

thank you Rob for this answer. is this not a security vulnerability?

Rob

9/16/23, 8:04 AM

Unless you're in the habit to configure applications and instruct users to connect to the bare IP-address, there is no security issue.

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Redirect all access on IP address to domain name need to click proceed to redirect

TH: เปลี่ยนเส้นทางการเข้าถึงที่อยู่ IP ทั้งหมดไปยังชื่อโดเมน ต้องคลิกดำเนินการต่อเพื่อเปลี่ยนเส้นทาง

RO: Redirecționați toate accesul la adresa IP la numele domeniului trebuie să faceți clic pe Continuați pentru a redirecționa

RU: Перенаправить весь доступ с IP-адреса на доменное имя, необходимо нажать «Продолжить», чтобы перенаправить

VI: Chuyển hướng tất cả truy cập trên địa chỉ IP sang tên miền cần bấm tiến hành chuyển hướng

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.