Google DNS at 010.010.010.010

[makeworld]

Google's server handles the octal case if it's provided directly. Not sure if this is an explicit code path or if the server handles all IP forms.

Try this:

  curl -v -H "Host: 010.010.010.010" https://8.8.8.8

Trying to do the same with other websites doesn't seem to work.

[anderskaseorg]

Google’s server doesn’t handle that as a special case; it redirects any host other than dns.google to dns.google. These give the same result:

    curl -v -H "Host: 010.010.010.010" https://8.8.8.8
    curl -v -H "Host: 222.222.222.222" https://8.8.8.8
    curl -v -H "Host: example.com" https://8.8.8.8

[lucb1e]

Not sure what you mean about other websites, it works fine on Apache and Nginx, e.g. on my server:

    curl -kiH Host:1348764566 https://1348764566

(-k flag needed because I didn't get a valid cert for this variant of the IP. One could also specify the fingerprint but let's keep the demo simple.)

It'll give you a 404 because of the unknown vhost, but it would also do that if you access it using the 'normal' dotted decimal notation: http://80.100.131.150

I used to detect this number actually and it would give you a small easter egg, but nobody triggered it and nowadays Firefox doesn't send it as a host header anymore when you specify the IP as such so I didn't check how to port that over to my new web server stack.

[icedchai]

They probably don't even look at the host header. You can set any host header and it works.

[Philip-J-Fry]

Edge (and I presume Chromium) interprets a https://010.010.010.010 URL as https://8.8.8.8

You can check it by hovering over the link