Why Direct IP Access Fails: The Role of the Host Header

When a browser loads a website it first resolves the domain name to an IP address via DNS, then uses that IP for the subsequent HTTP communication.

Using Baidu as a case study, a ping reveals the IP 14.119.104.189 . Attempting to open https://14.119.104.189 directly results in a refusal.

The author hypothesizes that the HTTP request sent to the server differs when the URL contains a domain name versus a raw IP, likely in the Host header.

To verify, Fiddler is used to capture HTTPS traffic for both a domain‑based request and an IP‑based request. The captured request headers differ only in two fields: Host and Cookie. This points to the Host header as the key factor.

Further validation with Postman shows that a direct request to https://14.119.104.189 returns a 403 error. When the Host header is manually changed to www.baidu.com, the request succeeds.

The conclusion is that the server relies on the Host header to identify which virtual host the client intends to reach; an IP address in this field can trigger rejection, while the correct domain name allows access.

Finally, the article poses a follow‑up question about why browsers still show a certificate warning when accessing the IP address, even though the SSL certificate belongs to Baidu.