Published in blog / webtech

OK, this one is going to be a fairly short post, but nevertheless a very helpful one if you:

  • have issues with your CDN (content delivery network) and don't know if it is your server or the CDN,
  • want to iterate on a page without ongoing cache purging on the site and the CDN,
  • cannot log in to your admin panel, or

any similar reason. You may imagine that I have come across at least one of these reasons. I lost some nerves, so this little writeup is maybe helpful for you!

What you need is direct access to your server. Only then can you see an uncached version and do some further troubleshooting.

Then it is necessary to bypass your CDN and access your web server directly using the IP of the website's server.

The solution is quite simple. You need to tell the operating system to contact a certain IP for a certain website.

OK, how do we do that?

Windows: set IP to access a Website

In Windows we need to add the IP and website under:

C:\Windows\System32\drivers\etc\hosts

However, to do so we need to open the file as administrator.

Simply search for your program of choice, e.g. the editor or Notepad++. Then right-click on the result and choose "run as administrator".

Open the file

# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

# localhost name resolution is handled within DNS itself.
#   127.0.0.1       localhost
#   ::1             localhost

Here, we simply have to add the IP and the domain.

Let's see if this works.

A simple verification of the direct IP access to a website

Let's run a test ping to google.com from my location, central Europe. This results in:

Ping is executed for google.com [142.250.185.174] with 32 Bytes:
answer by 142.250.185.174: Bytes=32 Time=55ms TTL=116

Please forgive my rough translation of ping's output.

Now let's add the following line to the hosts file:

# localhost name resolution is handled within DNS itself.
#   127.0.0.1       localhost
#   ::1             localhost
64.233.185.138 google.com

This means we access google.com over the above IP address. Let's see what this does for our ping to the site:

Ping is executed for google.com [64.233.185.138] with 32 Bytes:
answer by 64.233.185.138: Bytes=32 Time=184ms TTL=102

The other IP also answers a request for google.com. And it is quite a bit slower - we have accessed a Google server in the United States!

Access your website directly, bypass the CDN

To add your website my-cool-website.com at the actual server's IP 1.2.3.4, you may simply add the following to your hosts file:

# localhost name resolution is handled within DNS itself.
#   127.0.0.1       localhost
#   ::1             localhost
1.2.3.4 my-cool-website.com

That's really easy. We told the operating system to request a certain website from a certain IP. Aren't we quite the hackers? Anyhow, let's find out how this is done in Linux.

Linux: set IP to access a Website

In Linux, we open the hosts file in the following way:

sudo vi /etc/hosts

You may also use another editor such as gedit if you like. However, we need to access this important file as administrator again.

Now add (sounds familiar?!) your cool website accordingly:

1.2.3.4 my-cool-website.com

That's all. We can really access websites through pre-set IPs from different operating systems.

Let's verify.

Verification of IP access to web server in Linux

The test in Linux is straightforward. We compare the ping to Google with and without adaptation of /etc/hosts:

# without adaptation of /etc/hosts
PING google.com (142.250.185.174) 56(84) bytes of data.
64 bytes from fra16s51-in-f14.1e100.net (142.250.185.174): icmp_seq=1 ttl=115 time=41.6 ms

# adding 64.233.185.138 google.com to /etc/hosts
PING google.com (64.233.185.138) 56(84) bytes of data.
64 bytes from google.com (64.233.185.138): icmp_seq=1 ttl=101 time=129 ms

As you can see, we have effectively changed the IP to access Google's website.
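The hosts-file edit above, scripted so that the override is tagged and can be removed again without touching other entries. This is an added example, not part of the original post; `HOSTS_FILE`, `MARKER` and the function names are assumptions of this example.

```sh
# Added example: tag a hosts-file override so it can be found and removed again.
# HOSTS_FILE, MARKER and the function names are assumptions of this example.
HOSTS_FILE="${HOSTS_FILE:-/etc/hosts}"
MARKER="# cdn-bypass (temporary)"

# valid_ipv4 ADDR: accept only four dot-separated numbers in the range 0-255.
valid_ipv4() {
  case "$1" in
    ""|*[!0-9.]*|.*|*.|*..*) return 1 ;;
  esac
  old_ifs=$IFS; IFS=.
  set -- $1
  IFS=$old_ifs
  [ "$#" -eq 4 ] || return 1
  for octet in "$@"; do
    [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
  done
}

# valid_host NAME: letters, digits, dots and hyphens only (no spaces, no '#').
valid_host() {
  case "$1" in
    ""|*[!A-Za-z0-9.-]*|.*|*.|-*|*-) return 1 ;;
  esac
}

# hosts_unpin NAME: drop only lines that carry MARKER and name NAME.
hosts_unpin() {
  valid_host "$1" || return 2
  tmp="$(mktemp)" || return 1
  # Write back with cat so the file keeps its owner and permissions.
  awk -v h="$1" -v m="$MARKER" '!(index($0, m) && $2 == h)' \
    "$HOSTS_FILE" > "$tmp" && cat "$tmp" > "$HOSTS_FILE"
  rc=$?
  rm -f "$tmp"
  return "$rc"
}

# hosts_pin IP NAME: replace any earlier pin for NAME with a tagged entry.
hosts_pin() {
  valid_ipv4 "$1" && valid_host "$2" || return 2
  hosts_unpin "$2" || return 1
  printf '%s %s %s\n' "$1" "$2" "$MARKER" >> "$HOSTS_FILE"
}

# pinned_ip NAME: print the address currently pinned for NAME, if any.
pinned_ip() {
  awk -v h="$1" -v m="$MARKER" 'index($0, m) && $2 == h { print $1 }' "$HOSTS_FILE"
}
```

Against the real `/etc/hosts` the functions need root rights. Ping only shows which address the name now resolves to; to check that the web server itself answers there, `curl --resolve my-cool-website.com:443:1.2.3.4 https://my-cool-website.com/` pins the address for one request without editing the hosts file.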

Awesome. Anything else?

Notes on Website Security: Make your Website Safe!

We have seen how easy it is to bypass a CDN if you know the IP. If you have a dynamic website such as WordPress or Joomla, make sure that no one can access your admin area without protection.

CDNs such as Cloudflare generally offer very good protection. But if you leave the IP of your actual server in the open, this is an invitation for simple attack scripts.

Therefore always mask your IP by setting all DNS records using the CDN provider. This includes setting of mail records, which are often forgotten. See for example here for simple explanations.
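The forgotten mail record, as an added example that is not part of the original post: a check over your own zone export for A records that still publish the origin address. The zone text is constructed, with 1.2.3.4 as the origin server and 203.0.113.10 standing in for a CDN address; the function names are assumptions of this example.

```sh
# Added example: find DNS records that still publish the origin address.
# The zone below is constructed; names are fully qualified, one record per line.
sample_zone() {
  cat <<'EOF'
; constructed zone export for my-cool-website.com
; 1.2.3.4 = origin server, 203.0.113.10 = placeholder for a CDN address
my-cool-website.com.       300 IN A   203.0.113.10
www.my-cool-website.com.   300 IN A   203.0.113.10
mail.my-cool-website.com.  300 IN A   1.2.3.4
ftp.my-cool-website.com.   300 IN A   1.2.3.4
my-cool-website.com.       300 IN MX  10 mail.my-cool-website.com.
EOF
}

# exposed_records ORIGIN_IP: read zone text on stdin and print one line per
# A record equal to ORIGIN_IP, noting when that name is also an MX target.
exposed_records() {
  awk -v ip="$1" '
    /^[ \t]*(;|$)/        { next }               # comments and blank lines
    $4 == "MX"            { mx[$6] = 1 }         # remember mail exchangers
    $4 == "A" && $5 == ip { leak[++n] = $1 }     # record showing the origin
    END {
      for (i = 1; i <= n; i++) {
        tag = (leak[i] in mx) ? " (MX target)" : ""
        print leak[i] tag
      }
    }'
}
```

Here `sample_zone | exposed_records 1.2.3.4` lists the `mail` and `ftp` names: the MX record itself carries no address, but the name it points to does.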

Additionally, you may set a CDN page rule so that no one can actually access your administrator login, even with CDN protection.

For a WordPress website on Cloudflare, insert the following page rule:

my-cool-website.com/wp-admin*
Forwarding URL (Status Code: 302 - Temporary Redirect, Url: https://my-cool-website.com/)

Now you may wonder: I cannot access my admin panel! No one can!

But here comes the trick

Access your website over the server's IP that just you (and your CDN provider) know. Simply follow the steps above and you (only you) can access your website's admin panel!