
I am encountering more and more issues with an app I created that binds to 127.0.0.1 on an obscure port. I have a domain name - due to needing an SSL cert - that resolves to 127.0.0.1.

I have this because my browser-based solution connects to the app on the local machine over a secure web socket; for example, I use wss://mydomain.com to connect.

For most people, this works just fine.

But more people are not connecting. I've come to learn DNS rebinding protections are likely at work. A solution for most people I've found is updating their local DNS to 8.8.8.8. If they do this it works. However, the out-of-the-box experience is being hindered.

Is there any reliable way to bypass DNS rebinding or set my app up in a way that doesn't have the issue?

I heard that using an obscure 127, like 127.211.134.233, could work.

Any help is greatly appreciated.

  • I think you can never prevent this because web browsers also seem to implement those protections, and you can't change the web browser of a client. And if you do bypass those protections you will likely create a security threat. Isn't there a way, maybe with a reverse proxy, to do it properly? nginx.com/blog/websocket-nginx
    – Turdie
    Commented Jan 31 at 6:55
  • Would using 0.0.0.0 have the same issue?
    – Dan
    Commented Jan 31 at 18:32
  • Using 0.0.0.0 means all network interfaces. Doesn't your app have a library to properly set up a network connection? I can't imagine that in this day and age, or it must be very legacy.
    – Turdie
    Commented Jan 31 at 19:25
  • @Turdie sorry for the delay in replying to this. We are still having this issue. We can bind to an internal IP; the issue is we need to know what this IP is, as we initiate a web socket connection from the browser to our software. We know 127.0.0.1 is the same for everyone. We can't get a secure certificate for 127.0.0.1, so that's out of the window, and the DNS rebinding issues are still ongoing.
    – Dan
    Commented Jun 6 at 20:36
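
A client-side check for the failure described in the question, as an added example that is not part of the original post or its comments: it asks a resolver for the hostname and reports whether the loopback answer actually arrived. The function names and the two stand-in resolvers are constructed for illustration, and the code assumes a rebinding filter shows up as a failed or empty lookup.

```python
import ipaddress
import socket


def resolve_ipv4(hostname, resolver=socket.getaddrinfo):
    """Return the sorted IPv4 addresses the resolver gives for hostname."""
    try:
        infos = resolver(hostname, None, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return []  # failed lookup is reported as "no addresses"
    return sorted({info[4][0] for info in infos})


def classify(addresses):
    """Classify a lookup result for a name that is published as loopback."""
    if not addresses:
        # Assumption: a rebinding filter drops the loopback answer, so the
        # client sees a failed or empty lookup rather than a wrong address.
        return "filtered-or-missing"
    if all(ipaddress.ip_address(a).is_loopback for a in addresses):
        return "loopback-ok"  # any 127.0.0.0/8 address counts as loopback
    return "unexpected-address"


def diagnose(hostname, resolver=socket.getaddrinfo):
    """Return (verdict, addresses) for hostname using the given resolver."""
    addresses = resolve_ipv4(hostname, resolver)
    return classify(addresses), addresses


# Constructed stand-ins for two client networks so the example runs offline.
def open_resolver(host, port, family=0, type=0):
    return [(socket.AF_INET, socket.SOCK_STREAM, 6, "", ("127.0.0.1", 0))]


def filtering_resolver(host, port, family=0, type=0):
    raise socket.gaierror(socket.EAI_NONAME, "Name or service not known")


if __name__ == "__main__":
    name = "mydomain.com"  # hostname as written in the question
    for label, fake in (("open", open_resolver), ("filtering", filtering_resolver)):
        print(label, diagnose(name, fake))
    # On a real client, call diagnose(name) to use the system resolver.
```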
