DNS is the DNA of the Internet, and while many organizations secure their domains (URLs) with HTTPS, they wrongly assume this protects all access points to their servers. A crucial oversight lies in the direct use of or access to IP addresses.
TLS certificates are issued for domain names—not IPs—so accessing a server via `https://
Organizations relying solely on domain-level security may unknowingly expose their infrastructure. To mitigate this, businesses should:
– Restrict direct IP access
– Enforce domain-only connections
– Consider internal PKI if secure IP-based access is essential
True security demands more than just a padlock icon—it requires complete endpoint awareness, Internet-connected asset security, and DNS security controls.
You Should Know:
1. Restricting Direct IP Access
To prevent unauthorized access via IP, configure your web server to reject requests not using the domain name.
For Apache:
<VirtualHost :80>
ServerName yourdomain.com
ServerAlias www.yourdomain.com
Redirect permanent / https://yourdomain.com/
</VirtualHost>
<VirtualHost :443>
ServerName yourdomain.com
SSLEngine on
SSLCertificateFile /path/to/cert.pem
SSLCertificateKeyFile /path/to/key.pem
Deny IP-based access
RewriteEngine On
RewriteCond %{HTTP_HOST} ^[0-9]+.[0-9]+.[0-9]+.[0-9]+$
RewriteRule ^(.)$ - [F,L]
</VirtualHost>
For Nginx:
server {
listen 80;
server_name yourdomain.com www.yourdomain.com;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl;
server_name yourdomain.com;
ssl_certificate /path/to/cert.pem;
ssl_certificate_key /path/to/key.pem;
if ($host ~ "^[0-9]+.[0-9]+.[0-9]+.[0-9]+$") {
return 403;
}
}
2. Enforcing Domain-Only Connections with Firewalls
Use firewall rules to block direct IP access:
Linux (iptables):
iptables -A INPUT -p tcp --dport 80 -m string --string "Host: 192.168.1.1" --algo bm -j DROP iptables -A INPUT -p tcp --dport 443 -m string --string "Host: 192.168.1.1" --algo bm -j DROP
Windows (PowerShell):
New-NetFirewallRule -DisplayName "Block Direct IP Access" -Direction Inbound -LocalPort 80,443 -Action Block -Protocol TCP
3. Monitoring & Detecting IP-Based Attacks
Use tcpdump to detect suspicious IP-based requests:
tcpdump -i eth0 'port 80 or port 443' | grep -E 'Host: [0-9]+.[0-9]+.[0-9]+.[0-9]+'
4. Implementing Internal PKI for IP Security
If IP-based access is necessary, deploy an internal Certificate Authority (CA) and issue certificates for internal IPs.
OpenSSL Command to Generate IP SAN Cert:
openssl req -newkey rsa:2048 -nodes -keyout server.key -out server.csr -subj "/CN=192.168.1.1" echo "subjectAltName = IP:192.168.1.1" > extfile.cnf openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt -days 365 -extfile extfile.cnf
What Undercode Say:
Ignoring IP-based security is like locking the front door but leaving the back window open. Attackers exploit overlooked weaknesses, and unsecured IP access is a prime target. By enforcing domain-only connections, restricting IP access, and monitoring traffic, organizations can close this gap.
Key Takeaways:
- Always bind TLS certificates to domain names, not IPs.
- Use web server configurations to block direct IP access.
- Deploy internal PKI if IP-based HTTPS is unavoidable.
- Monitor logs for unusual IP-based requests.
Security is a layered defense—never assume HTTPS alone is enough.
Expected Output:
A hardened web server configuration that rejects IP-based requests, ensuring all connections are domain-authenticated and encrypted.
Further Reading:
References:
Reported By: Andy Jenkinson – Hackers Feeds
Extra Hub: Undercode MoN
Basic Verification: Pass ✅
