robur-coop / unipi

Serving content from a git repository via HTTPS (including Let's Encrypt provisioning) as a MirageOS unikernel

Querying the website through the IP address directly leads to an unreachable page #15

Closed kit-ty-kate closed 2 years ago

kit-ty-kate commented 2 years ago

I think it would be nice to redirect to Key_gen.hostname () when possible to avoid having this problem. It's not a big problem but it'd be nice to clean up the log output a little (some bots seem to use the IP address directly or something) as it shows there as an error or an internal exception in some cases.

hannesm commented 2 years ago

If I understand the code correctly, the redirect function (that is used for http -> https redirecting) will (a) look at Key_gen.hostname () and, if provided, redirect there. (b) look into the host header of the request, and redirect to http://<host>

Only if neither is present, a bad request is issued. Which scenario are you looking at?

kit-ty-kate commented 2 years ago

Sorry if I wasn't clear. By "unreachable page" I meant the "Warning: Potential Security Risk Ahead" page from Firefox warning us that the page we're looking at does not match the SSL certificate.

For example, this is what I get when trying to reach the robur.coop website using its IP address directly: [screenshot: scrn-2022-11-10-15-24-20]

hannesm commented 2 years ago

OK, thanks for the clarification. But actually in the robur.coop case there's a https://github.com/roburio/tlstunnel standing in front (to demultiplex to different services based on the server name) that does the redirect only based on the Host header. Of course tlstunnel could be improved to redirect to the default if there's a default and the Host header is unknown.

But that doesn't explain the issue you originally reported, or does it?

kit-ty-kate commented 2 years ago

Ah, I see. It does explain the original issue, sorry for the waste of time.
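The improvement floated in the thread (redirect to a default when the Host header is unknown, for instance a bare IP address) can be sketched as below. This is an added example, not code from unipi or tlstunnel; the names `host_of_header` and `decide`, the list of known server names, and the sample hosts are all assumptions made for illustration.

```ocaml
(* Added example: hypothetical names throughout; not unipi or tlstunnel code. *)

type decision =
  | Redirect of string   (* value for the Location header *)
  | Bad_request          (* no usable redirect target *)

(* Extract the host part of a Host header value: drop an optional port,
   keep a bracketed IPv6 literal intact, and lowercase the result. *)
let host_of_header value =
  let v = String.lowercase_ascii (String.trim value) in
  if v = "" then None
  else if v.[0] = '[' then
    match String.index_opt v ']' with
    | Some i -> Some (String.sub v 0 (i + 1))
    | None -> None
  else
    match String.index_opt v ':' with
    | Some 0 -> None
    | Some i -> Some (String.sub v 0 i)
    | None -> Some v

(* ~known: server names the front end holds certificates for (assumed input).
   ~default: optional default name, as suggested in the thread.
   The Location value is only ever built from configured names, so the
   client-supplied Host value is never reflected back. *)
let decide ~known ~default ~host_header ~path =
  let redirect_to name = Redirect ("https://" ^ name ^ path) in
  let requested = Option.bind host_header host_of_header in
  match requested, default with
  | Some h, _ when List.mem h known -> redirect_to h
  | _, Some d -> redirect_to d   (* unknown host, IP literal, or no Host header *)
  | _, None -> Bad_request

let () =
  (* Constructed sample data: names and addresses from documentation ranges. *)
  let known = [ "example.org"; "www.example.org" ] in
  let show = function Redirect l -> "redirect " ^ l | Bad_request -> "400" in
  List.iter
    (fun h ->
      print_endline
        (show (decide ~known ~default:(Some "example.org") ~host_header:h ~path:"/")))
    [ Some "WWW.Example.org:80"; Some "192.0.2.10"; Some "[2001:db8::1]:80"; None ]
```

With a default configured, a request that names the server by IP address is sent to a name the certificate covers; with `~default:None` the same request yields `Bad_request`.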