Why Direct IP Access Fails: The Hidden Role of the Host Header in HTTPS
Although you can obtain a website’s IP address, accessing it directly via HTTPS often fails because the request’s Host header then carries the IP address instead of the domain name. Servers use this header to determine the intended domain, so the request is rejected with a 403 error unless the correct Host value is supplied.
When you visit a website, the client first resolves the domain name to an IP address and then sends HTTP requests to that IP.
If you already know the IP address, you might think you can skip DNS and request the site directly using the IP.
Using Baidu as an example, we ping the domain and obtain the IP 14.119.104.189. Accessing https://14.119.104.189 in a browser results in a refusal.
To understand why, we capture the traffic with Fiddler. Comparing a request to the domain and a request to the IP, we find that only two request‑header fields differ: Host and Cookie.
The Host header contains the domain name when accessing via the domain, but contains the IP address when accessing via the IP. The server uses this header to determine which virtual host should handle the request.
When we send a request to https://14.119.104.189 with Postman, the server returns a 403 error. After editing the Host header to www.baidu.com and sending the request again, the access succeeds.
Thus, the reason direct IP access fails is that the server distinguishes requests by the Host header; an IP‑only request does not match any configured virtual host, leading to denial.
Note: Accessing the IP over HTTPS may also trigger a certificate warning because the SSL certificate is issued for the domain name, not the IP address.
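An added example, not code from the original article: a minimal name-based virtual-host server and a client that reproduce the Postman experiment locally. It uses plain HTTP on 127.0.0.1 so no certificate is involved; the host name www.example.test and the VHOSTS table are constructed for illustration.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

# Constructed virtual-host table (hypothetical name, not Baidu's configuration).
VHOSTS = {"www.example.test": b"hello from www.example.test\n"}

class VhostHandler(BaseHTTPRequestHandler):
    """Serve a request only if its Host header names a configured virtual host."""

    def do_GET(self):
        # Host may carry a port ("name:8080"); compare the name part, lower-cased.
        host = (self.headers.get("Host") or "").rsplit(":", 1)[0].lower()
        body = VHOSTS.get(host)
        if body is None:  # default vhost: IP literals and unknown names are refused
            self.send_response(403)
            body = b"403 Forbidden: unknown Host\n"
        else:
            self.send_response(200)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the demo quiet
        pass

def fetch_status(ip, port, host_header=None):
    """GET / from ip:port, optionally overriding Host as done in Postman."""
    conn = http.client.HTTPConnection(ip, port, timeout=5)
    # Without an override, http.client sends Host: <ip>:<port>, like a browser would.
    headers = {"Host": host_header} if host_header else {}
    conn.request("GET", "/", headers=headers)
    status = conn.getresponse().status
    conn.close()
    return status

def demo():
    """Return (status when Host is the IP, status when Host is the domain)."""
    server = ThreadingHTTPServer(("127.0.0.1", 0), VhostHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    port = server.server_address[1]
    try:
        by_ip = fetch_status("127.0.0.1", port)
        by_name = fetch_status("127.0.0.1", port, "www.example.test")
    finally:
        server.shutdown()
        server.server_close()
    return by_ip, by_name

if __name__ == "__main__":
    print(demo())
```

Both requests go to the same IP and port; only the Host header changes which virtual host answers.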
macrozheng
Dedicated to Java tech sharing and dissecting top open-source projects. Topics include Spring Boot, Spring Cloud, Docker, Kubernetes and more. Author’s GitHub project “mall” has 50K+ stars.