[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: https://<FQDN>:<port> vs. https://<IP address>:<port>.

On Mon, Apr 10, 2023 at 12:13:15PM -0700, peter@easthope.ca wrote:
> Name:   hornby.islandhosting.com
> Address: 158.69.159.172

> As expected, login at https://hornby.islandhosting.com:2096 and at
> https://mail.easthope.ca:2096 appear equivalent.
> 
> But for URL https://158.69.159.172:2096 Firefox warns,
> 
> "Warning: Potential Security Risk Ahead
[...]

> What is the risk from an IP address?  Misconfiguration at Island Hosting
> as Firefox suggests?

You've got three different URLs here, which means you're looking at three
different web sites.

    https://hornby.islandhosting.com:2096
    https://mail.easthope.ca:2096
    https://158.69.159.172:2096

Each of these may give you a different web site, even if they're all hosted
on the same physical computer, or the same virtual machine.

So, it's conceivable that Mozilla has flagged one of these web sites as
a security risk, but not the other two.

It's also conceivable that Mozilla has flagged an entire block of "raw IP
address URLs" as a security risk, based on a pattern of behavior that
they've seen from other web sites within that address range.

You'd have to ask Mozilla for the exact details about why they've flagged
what they've flagged.
Reply to: