How to make it possible to connect to the server through a specific domain or is it impossible?

T

Turkmen Time2021-04-30 21:43:39

VPN

Turkmen Time, 2021-04-30 21:43:39

There is a VPN namely ShadowSocks, it is necessary to make it possible to connect to the server only through a specific domain

Reply

Answer the question

In order to leave comments, you need to log in

4 answer(s)

K

ky0, 2021-04-30
@ky0

Are you sure you understand DNS well? Separation by hostnames located on the same IP address makes sense for HTTP - you can configure different request processing depending on the Host header.

V

Vindicar, 2021-04-30
@Vindicar

What does "only through a specific domain" mean?
Those. that it was impossible to be connected, already knowing IP of the server, but not knowing the domain?
I doubt. In the HTTP protocol, the server name is transmitted in the headers, in HTTPS it is transmitted first through SNI, then in the headers, but in ShadowSocks ... they threw out the analysis of the SNI extension not so long ago. So most likely ShadowSocks is in a drum how the user found out the IP - through DNS or something else.
And most importantly, why? What scenario requires this?

C

CityCat4, 2021-04-30
@CityCat4

What does "through a specific domain" mean? And why do you need this, I understand that this is a protective measure - a protective measure from what, from whom?

P

pfg21, 2021-05-01
@pfg21

the firewall does not work with domain names, it only works with ip
something like this (an example far from applied)
allow the passage of packets from addresses 888.888.888.888 range mask 24
iptables -A INPUT -s 888.888.888.888/24 -j ACCEPT
discard all packets from other addresses
iptables -P INPUT DROP