A security warning when accessing a site through IP

Question

When I go to ex: https://xyz.com/, everything works normal. As soon as I access the same site using its IP address ex:  (66.66.66.66) , I get a security warning (even if I write something like https://66.66.66.66/). but still with https .. so is that mean my connection will not be encrypted? i know this is because the certificate not include the public ip but is that risky? and how to solve it from Server or WAF side?

spalande · Accepted Answer

As you mentioned, this is expected because certificate common name or SAN name doesn't have IP address included. The warning shows that common name is having missmatch, but traffic would be still TLS encrypted. If you want to avoid the cert warning, IP address can be added to the SAN but it's not a common practice. If you want to block the access of the site using IP address you can use iRule, ltm policy or ASM feature. Most of the web servers also has option to whitelist the HOST header.On F5:iRule:  To whitelist the HOST headerwhen HTTP_REQUEST {
 switch [string tolower [HTTP::host]] {
 "www.domain.com" 
  {
   return
  }
 default { 
   reject
  }
 }
}LTM Policy: Condition:HTTP host is not any of &lt;www.domain.com&gt; at http request time Action:Reset traffic at requestOn Server: you can search for the options to mitigate this HOST header injection, based on the web server used (eg. IIS, nginx, Apache)

Forum Discussion

A security warning when accessing a site through IP

Recent Discussions

Reporting Help Needed

Switch ssl profile based on weak cipher detection via IRULE

F5 looses the token for the first call

iRule - Url rewrite and header replace and pool selection not working

full-proxy HTTP2

Related Content

Cipher suite mismatch advertisement/warning

Expired ssl warning

F5 Security Podcasts

Auditing Security Policy Updates

Minimizing Security Complexity: Managing Distributed WAF Policies

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS