Solved

BYPASSING DNS

Posted on 2013-11-25
2
350 Views
Last Modified: 2013-11-26
We have company internal website.

I can get to my website like this:
https://InventoryDelux.dev.ibm.net/Pages/Default.aspx

But when I try to bypass DNS by directly typing in the ipaddress, I get error below.
Here is the link I am using:
https://10.194.221.83/Pages/Default.aspx
I also tried:
https://10.194.221.83:443/Pages/Default.aspx

Same problem (see error below)

Why is that, and how to bypass DNS and directly access the website.


ERROR:

  There is a problem with this website's security certificate.
 
   
 The security certificate presented by this website was issued for a different website's address.

Security certificate problems may indicate an attempt to fool you or intercept any data you send to the server.  
  We recommend that you close this webpage and do not continue to this website.  
  Click here to close this webpage.  
  Continue to this website (not recommended).  
     More information


If you arrived at this page by clicking a link, check the website address in the address bar to be sure that it is the address you were expecting.
When going to a website with an address such as https://example.com, try adding the 'www' to the address, https://www.example.com.
If you choose to ignore this error and continue, do not enter private information into the website.

For more information, see "Certificate Errors" in Internet Explorer Help.
0
Comment
Question by:kamistry
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 53

Assisted Solution

by:COBOLdinosaur
COBOLdinosaur earned 250 total points
ID: 39676280
It is using the https which is a secure protocol, and the security certificate is for the specific domain: https://InventoryDelux.dev.ibm.net/Pages/Default.aspx

It address: https://10.194.221.83:443/Pages/Default.aspx  using the ip it does not have a certificate and so that raises security violation flags.  There is no way the browser can relate the domain name to the ip because it dd not go through DNS to generate the target address.

C&
0
 
LVL 15

Accepted Solution

by:
Giovanni Heward earned 250 total points
ID: 39676282
If the web server is hosting more than one site, its likely configured to reply based on the HTTP host header.  Your browser automatically derives this value from the requested URI and passes the value to the web server.  When your request is based on an IP address, the default web site is displayed.

If more than one site is being hosted, you'll need to either spoof the HTTP host header, or you need to modify your local %windir%\system32\drivers\etc\hosts file to resolve the host name to the IP address is question.  This would effectively bypass your DNS server(s) though unlikely achieve your desired result.

Regarding HTTPS and digital certificates, if you want the web server to respond (without error) to HTTPS requests based on the IP address, then you'll need have the certificate reissued to support multiple CNs, which include the IP address and relevant host names (e.g. 10.0.0.1, host, host.domain.local, host.example.com )

Please note this is not typical, as the general assumption is humans prefer domain names as opposed to IP addresses.  However, it's still possible to do.

Using IIS and SelfSSL7 as an example, you could accomplish this using the following command:

selfssl7 /n cn=localhost;cn=10.0.0.1;cn=host;cn=host.domain.local;cn=host.example.com /k 2096 /t /q /i

Open in new window


Of course this is a self-signed certificate, and would need to be trusted by any client viewing the website over HTTPS.

A TLS extension called Server Name Indication (SNI) allows a server to present multiple certificates on the same IP address and port number.
0

Featured Post

U.S. Department of Agriculture and Acronis Access

With the new era of mobile computing, smartphones and tablets, wireless communications and cloud services, the USDA sought to take advantage of a mobilized workforce and the blurring lines between personal and corporate computing resources.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

An enjoyable and seamless user experience can go a long way on an eCommerce site. While a cohesive layout and engaging copy play roles in creating a positive user experience, some sites neglect aspects that seem marginal but in actuality prove very …
Color can increase conversions, create feelings of warmth or even incite people to get behind a cause. If you want your website to really impact site visitors, then it is vital to consider the impact color has on them.
This video teaches viewers how to create their own website using cPanel and Wordpress. Tutorial walks users through how to set up their own domain name from tools like Domain Registrar, Hosting Account, and Wordpress. More specifically, the order in…
The is a quite short video tutorial. In this video, I'm going to show you how to create self-host WordPress blog with free hosting service.

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question