is it possible to restrict access by using ipaddress? - ruby-on-rails

I have recently installed ssl certificate to a site.
I tried accessing the site using ip address
133.255.214.180
it redirects to
https://133.255.214.180/
it then shows that "your connection is not private" ssl certificate error. I had bought ssl certificate for domain name and not ip address.
when i access using the domain name for example
www.example.com
then it redirects to
https://www.example.com
without ssl certificate error.
I used redirection in nginx as
server {
listen 80;
server_name 133.255.214.180;
return 301 https://www.example.com;
}
I want to make it so that when the user types in the ip address at the url bar of the browser then it redirects to the domain name i.e https://www.example.com so that it doesnt show ssl certificate error. Is this possible to achieve?
I appreciate any help. Thanks!

HTTPS handshake is done before sending the actual request, so if you type https://something_without_valid_cert you will always receive that error.
With sending the request I mean even "opening" the HTTP communication, including sending back the redirect.
The reason is very simple, if the certificate is not valid you cannot trust the server, it could respond with anything, including a malicious redirect.
Your nginx configuration should work if you type http://the_ip_address. Because you send back a 301 (Moved Permanently) the browser next time will perform the redirect automatically without calling the server.

Related

Scheme relative URL

There are a lot of questions on SO regarding scheme relative URL, but I don't understand what will happen in these scenarios:
1) I am on HTTPS clicking on href="//example.com/" (example.com doesn't have SSL (it's HTTP), so browser will try to open HTTPS://example.com/ (because it wants to match the current scheme) and if there won't be HTTPS scheme it will open HTTP://example.com/?
2) Vice-versa going from HTTP to HTTPS, when the target //example.com/ is only HTTPS. Will browser open HTTPS if the destination target does not have HTTP?
The browser will try to open the URL using the same scheme it's currently on; if it's currently on HTTPS, it will request the URL with HTTPS and vice versa for HTTP. If the target server does not support that scheme, it will simply fail. In case of a server which only supports HTTPS, that usually means that it enforces HTTPS; if you make an HTTP query to that server it often simply redirects to the HTTPS version of the same page. That's entirely up to the server to do though.
If a server only supports HTTP, that usually means that it doesn't have HTTPS at all. In that case an HTTPS request would simply fail and the browser will display an error message along the lines of "couldn't establish a secure connection/couldn't connect to server".
I have found the way how to do this with some inspiration from the answer on how to link to different port as I needed to do both. The way is:
<a href="/vnc.html" onclick='javascript:event.target.port=6080;event.target.protocol="https:"'>VNC connection</a><br />

Apex domains on heroku

I've got a site that was originally running on a non-heroku server that I moved to heroku. The site was using a bare domain before (example.com). Heroku requires non-bare domains (www.example.com) as per this article: https://devcenter.heroku.com/articles/apex-domains
My question is: I have a bunch of links out there currently like this: https://example.com which throw a browser error now that I am using non-bare domains.
This excerpt from heroku confirms the error is widespread.
SSL
Traffic routed over SSL behaves, at the DNS level, identical to unencrypted traffic and suffers from the same naked domain limitations.
However, applications requiring SSL encryption should use the ALIAS/ANAME configuration on the root domain. Subdomain redirection will cause a browser error when the root domain is requested over SSL (i.e. https://example.com).
How can I redirect people to the right domain without them experiencing a browser error?
EDIT:
I emailed heroku and this was their response:
I'm afraid only the ALIAS/ANAME style records will be able to reference an SSL endpoint at the apex and from my understanding Namecheap do not support those record types. We have a few examples for various providers here. But if your domain provider doesn't support ALIAS/ANAME we can only recommend you switch to another provider that does. A URL redirector doesn't work for SSL, the CNAME type breaks email, and raw A records can break after only a few minutes.
So I moved providers from Namecheap to Cloudflare, CNAME'd instead of redirected, and everything now works as expected.
If you don't have an SSL endpoint provisioned then your visitors will get a 'certificate mismatch' error as Heroku will serve their default herokuapp.com certificate. You can't redirect https without a valid certificate as browsers first check the validity of the certificate. If you're moving to Heroku and want to respond to those requests you will need a valid certificate, SSL endpoint provisioned and a DNS provider that supports using CNAMEs on Apex records.

Box.com api redirect URL to localhost

I'm trying to do some initial testing in my local environment with box.com api. I've registered the api key and I'd like to put a localhost url in redirect uri form field but it seems like it only allows https (which I don't have in localhost). Message returned:
OAuth2 redirect URL must specify a valid URL and must not be http://
The requirement for the https is a good thing. While you are still in dev it would still be an active auth token transmitted in plain text if sent to http:// which someone could grab and use to mess with your box.net account.
You are going to need to generate a self signed certificate and install that locally to allow for this to work.
How can I create a self-signed cert for localhost?
Another option to further enhance this would be to actually buy the SSL that you are going to need for this project when it goes live and use a local dns redirect via your hosts file to load the domain off your local dev machine as opposed to the live server.
Box has updated itself to allow localhost to be http://. For other URIs, you need https://

Does iOS send HTTPS requests through the HTTP proxy?

I am trying to write up an HTTP proxy server in node.js, and I have successfully managed to route unsecure HTTP connections through it. But when applications (on my iOS device) use HTTPS for APIs 'n such, it always throws an error, and the attempted HTTPS connection never hits the server. So there are a few explanations of what could possibly be happening:
iOS chooses not to send HTTPS connections over the proxy for security reasons
iOS is looking for an HTTPS connection at the server on a different port, but can't find one
Basically what I am asking is: What does iOS do with HTTPS connections when an HTTP proxy is configured?
Please ask for any details or further questions in the comments. Thanks.

How to redirect a url like https://mydomain.com to https://www.mydomain.com from within Rails

I am using a SSL cert for www.mydomain.com from GoDaddy on Heroku. How can I redirect from the root url, https: //mydomain.com to https: //www.mydomain.com from within rails so my cert will work? I have been able to redirect all other combination with custom middleware, so that SSL is always serverd, but can't figure out how to do this without the browser detecting the lack of a cert for https://mydomain.com/. Is there something like a rack env[HOST] that I can rewrite? Thanks in advance....
The browser compares the cert to the domain name way before Rails even gets a chance to touch it - in fact, it's the very first part of the negotiation with the server, so you can't even use Apache Rewrite to change it.
What you should do is add mydomain.com to your cert. They're called "unified communications" certificate, although GoDaddy just calls them a Multiple Domain cert. http://help.godaddy.com/article/3908

Resources