I have used IIS to host a nodejs API in windows 11(followed these blogs: blog-1 and blog-2).
When following blog-1, setting the IP address to IPv6(i am not sure about this) makes the API available to all device.
Any other options choosen from the list of avail IP addresses leads to the API accessible only from the working pc where the API is hosted.
Why is this happening?
Also, when using the IPv6 address to reach the API, the url looks like this:
http://[5468:6483:7e05:6ea6:7c31:dd39:d7d2:f8b7] (Note: this is a mock url, does not work)
Here, what is the [] used for?
Note:
I don't have much knowledge about this topic, if the question needs any improvement please suggest edits.
Any suggestions gratefully accepted. Thanks in advance.
Related
I would like to ask, can anyone here advise on how to have a specific web address enabled to display only at a specific IP address that I choose?
I've only got HTML basics, and nowhere have I found a way to get this or are there any storage sites that support this?
I want it for storing a script I don't want to have publicly and I need it fixed to an IP address.
javascript:$.getScript('secret url);void(0);
Thank you
You will need to blacklist all other IPs and whitelist the IPs you want it to have access to.
Shared Hostings will have their own GUI for doing this but if you're hosting your app using a VPS (Virtual Private Server).
The most common approaches are:
Option #1: Through Web Server (Nginx, Apache, etc...)
Nginx
https://docs.nginx.com/nginx/admin-guide/security-controls/controlling-access-proxied-tcp/#restricting-access-by-ip-address
Apache
https://httpd.apache.org/docs/2.4/howto/access.html
Option #2: Through Backend Server (PHP, Ruby, etc...)
PHP IP Address Whitelist with Wildcards
Note:
You will need to have your HTML page rendered using one of these
approaches to make it work.
The flow would look like this:
User visits the page -> Web Server Checks If the IP is allowed ->
Backend Server Checks if the IP is allowed (optional) -> Serve the
HTML.
My website suddenly stopped working.
When I search for the domain name in WHOIS websites it is showing the correct server ip address and correct DNS IP address.
I can reach the website by its IP address but somehow when I am trying the domain name in browser its not working and its showing "This site can’t be reached"!
There is no error in my server log.
I tried different browsers and different systems and it is same issue.
I am really confused. Even when I am sending GET requests with Postman to my domain, it not reachable but sending request to IP is working!
whois and DNS resolution are two separate things and one does not imply anything for the other, so in short, except in very specific cases, if you have a DNS resolution problem you should use DNS troubleshooting tools, not the whois and especially not web-based whois (the only relevant whois is the registry one).
Now you are giving so few details that noone can really help.
Among the possible ideas to check and probable problems:
you forgot to renew the domain, your registrar put it on hold or worse deleted it (that you can see in whois)
you did a change in the DNS resolution and now it does not work anymore, use online troubleshooting tools like Zonemaster or DNSViz; alternatively your registrar and/or webhosting company should be able to help (since you are neither giving here the domain name nor details about the troubleshooting you do: for DNS problems, the browser is not the first tool to use, look instead at dig).
in appear that the problem was DNS on our local system. we changed it to 8.8.8.8 and then we could access to our domain!
it's usually because you use an addon domain, not the main domain for hosting orders that are set up on cpanel whm
I want to modify the DNS query answer that PowerDNS returns by replacing the IP of the domain with the IP of a static page. I know the place to do this modification is in the startDoResolve function in pdns_recursor.cc. However I am having trouble figuring out where exactly the IP gets inserted into the response packet. Anyone having experience working with PowerDNS who can help me out with this?
It seems, you are using PowerDNS Recursor.
The standard way of doing this is via the lua extensions.
Depending on the criteria, when you want to spoof, you probably want to use one of the query interceptor function specified in the lua scripting documentation
You may also be interested in the spoofing capabilities mentioned in the dnsdist Packet Policies documentation. For example: addAction(domain, SpoofAction({IP[,…]}))
Recently, I made a setup where I pointed some websites to a redirect server. The redirect server in return served the website requests using ProxyPass directive of Apache2. It worked like a charm without even a single problem for my websites.
So, based on that I have got an idea to access internet via Apache2. Please note that this is because I do not have access to fast internet and every internet provider is so lousy and lame here to provide better connection speeds even for the lot of money I pay to them.
Now, https as better speends than VPN.
So, the idea is to get rid of VPN and SSH tunnel redirects and instead, resolve every domain on my Mac to a single server IP address which should be a redirect server and which can in turn bring me back every web request made from my Mac. Possible? This will make me to always use https to my own redirect server. https has better speed than VPN for me whenever I try and when I am on VPN things are too slow for me, may be because of level of encryption. Please note that I do not want solution using PPTP, L2TP and anything else which are lighter than OpenVPN (using Pritunl).
Please let me know if anything like that is possible and if yes then how.
Even though if it does not work, my mind always gets this idea every time. I just want someone to shed light on this and shut down my idea if its the worst by far. Thanks in advance.
Also, I have also seen some proxy sites where I put any website link on their website and their website works like a browser as if I am surfing on their remote server itself. May be something like that can be useful and speedy for me. But, I do not want to use them because I do not trust those sites for security. No way.
Got a solution myself without any kind of VPN.
Actually I needed to make my DNS secure and connections to my server Apps secure. So, for that I tried DNSCrypt-Proxy and its working great and resolving my DNS queries on HTTPS (443).
And, I am using an Addon on Chrome for "Always https" connections. I am blocking every request on http for Chrome using that Addon. Perfect!!!
So, now all surfing traffic on my Mac is going on HTTPS and is perfectly safe from hackers. I do not care for any other connections made by my other Mac Apps. I just care for security of my Apps while I am surfing them OR any payments I am making for shopping.
DNSCrypt-Proxy:
Please go to https://dnscrypt.org/#dnscrypt-osx and you will find all help there to how to install and run it on your Mac.
brew install dnscrypt-proxy --with-plugins
sudo dnscrypt-proxy --ephemeral-keys --resolver-name=cisco
^ You can find the resolver name in excel sheet that comes with this package.
And, just add an entry in your Network interfaces for DNS to point to 127.0.0.1, Please note that remove all other entries.
"Always HTTPS for Chrome":
https://chrome.google.com/webstore/detail/https-everywhere/gcbommkclmclpchllfjekcdonpmejbdp?hl=en
Enjoy perfect security on your Mac, if you do not care about IP address anonymity. Always use legal stuff!!!
I am using AMP (McMyAdmin3) as control panel for my minecraft and the servers are located at a secret address, except my bungeecord (proxy so multiple minecraft servers can be connected) ofcourse. Now I am trying to have a control panel for my admins, but I want them not to see the IP.
I was thinking of an SRV record, but I am not sure if this even CAN work or HOW it even works.
(Well I have an idea of how it works but I don't know if I am correct)
So I have pointed my domain 'manage.mydomain.com' to the IP I want, I put cloudflare protection on it, so if they resolve the IP, they cannot see the real IP. However, with this done they cannot type in the URL bar 'manage.mydomain.com:[port]' because cloudflare does not allow you to do that, because of the protection. So I tried setting up an SRV record like this:
_mcmyadmin._tcp.manage POINTS TO SRV 0 0 [port] manage.mydomain.com
I waited for 2 days now, and it still did not work, so I am sure that is not the case.
Is there any way to make this work? Or is not even possible with domain stuff :p
Or is there another way to fix this?
Kind regards,
Runefist
DNS is the public phone book of the internet. Its purpose is to take a domain name and map it to an IP Address. It is simply not possible to put anything in DNS and keep it secret.
When you put an address into your browser the first thing it does is find out the IP address associated with it.
In order to use a SRV record the application that uses it needs to be written to use them. Unless you are writing the frontend yourself, there are very few applications that will use SRV records. You can't just put data in there and expect it to be used.
If your intention here is to provide extra security to your servers, this isn't going to do you a lot of good. If you look at your server logs you are already being probed just by being online. The addition of a domain name won't do much change that.
You will be far better off understanding and hardening the security of your server than hiding it and hoping that nobody finds it, because it is almost guaranteed that they will if they have the inclination to do so.
Minecraft SRV records are _minecraft._tcp, you can't change the service name or the client won't be able to resolve it.
That being said, Michael B is right, what you're doing is implementing security by obscurity (which, as we all know, is no security). Instead, you should be using iptables to block all IPs except for the bungee from being able to reach the backend.