Why Direct IP Access Fails: The Hidden Role of the Host Header in HTTPS

When you visit a website, the client first resolves the domain name to an IP address and then sends HTTP requests to that IP.

If you already know the IP address, you might think you can skip DNS and request the site directly using the IP.

Using Baidu as an example, we ping the domain and obtain the IP 14.119.104.189. Accessing https://14.119.104.189 in a browser results in a refusal.

To understand why, we capture the traffic with Fiddler. Comparing a request to the domain and a request to the IP, we find that only two request‑header fields differ: Host and Cookie.

The Host header contains the domain name when accessing via the domain, but contains the IP address when accessing via the IP. The server uses this header to determine which virtual host should handle the request.

When we send a request to https://14.119.104.189 with Postman, the server returns a 403 error. After editing the Host header to www.baidu.com and sending the request again, the access succeeds.

Thus, the reason direct IP access fails is that the server distinguishes requests by the Host header; an IP‑only request does not match any configured virtual host, leading to denial.

Note: Accessing the IP over HTTPS may also trigger a certificate warning because the SSL certificate is issued for the domain name, not the IP address.