Bug - Not A Bug HTTPS problem? (mafia and logging in)

[Mookie]

All:

Hoping the braintrust here can point out what I am doing wrong.

I know that KoL is now forcibly on HTTPS for login what with AWS and the cloud services.

I play using Mafia, utilizing the "use IP address to connect instead of domain name", since KoL.com is blocked on my network.

Using the newest build that forces HTTPS allows me to log in and burn turns, but the chat seems irredeemable broken, as well as logging me out periodically/constantly.

I'm fairly certain that SSL restricts to the actual domain name. Is there a way I can manipulate this so that I can return to the kingdom using just the IP address? (It's the in the 69 block, if I remember correctly).

Thanks for any advice you might have for me!

 

[heeheehee]

Looks like the current IP address from here is 52.201.7.62 (KoL recently migrated to Amazon's cloud), although it looks like there are three A records.

Trying to connect via https in the browser returns a 301 (Moved Permanently) and redirects me to https://www.kingdomofloathing.com. I'm not sure if we can fix this.

 

[lostcalpolydude]

I also see 54.208.232.10 when trying to ping the site. I'm also doubtful that this feature can work.

 

[heeheehee]

The third A record is 54.178.198.126, for what it's worth.

 

[Laserrobotics]

As bad as this sounds, have you considered... not playing games on a network that's set up to block you from doing so? I assume you're doing this at work or something. Not sure if we should really be helping you get around that.

 

[Mookie]

As bad as this sounds, have you considered... not playing games on a network that's set up to block you from doing so? I assume you're doing this at work or something. Not sure if we should really be helping you get around that.

I can appreciate the 'moral quandry' aspect of this, as it were. Suffice it to say that I don't see the blanket network blackout that this network is using, to be either fair in general or really binding on me in my specific situation.

Sadly, I was worried about how a login moving to the cloud would never be hardcoded to a specific IP for use, and would then just bounce around to whatever cloud resource is answering that particular session.

It's an interesting logic puzzle, but unfortunately looks like I won't be playing the game anymore, unless there is a solution to it.

 

[Darzil]

SSL doesn't necessarily restrict you to the domain name, you just get asked to trust the site if you connect via IP, and recommended not to (because the certificate hosted on the server has the domain name(s), not the IP).

It'll depend how AWS handles it's cloud services, and what KOL are signed up for, but cloud services for a game that doesn't change in size often are probably pretty much fixed.
Looks like www.kingdomofloathing.com has three servers, 54.173.198.126, 52.201.7.62 and 54.208.232.10. Not sure what determines which you use. images.kingdomofloathing.com is 54.231.13.113.
Having one of the IPs for each in a hosts file MIGHT work for you. I'm not sure if any other servers are involved. (this was a quick 2 minute check)

 

[Crowther]

In the past, other people have had legitimate reasons for using this feature (not circumvention), but I agree that circumventing something like this is a direct admission that you know are breaking the rules. This leads to significantly harsher punishments and even "hacking" charges. Only Mookie knows if this is a problem or not, but I know I wouldn't risk it.

 

[xKiv]

since KoL.com is blocked on my network.

Shouldn't https protect you from this, since host name is just as encrypted as all the other headers?
(the unencrypted hostname is included in ssl handshake, but I wouldn't be surprised if standard proxies/firewalls don't bother checking *that*)
(and if your computer is set up to trust the proxy to establish SSL for you, you have bigger problems)
Are DNS requests for kol.com blocked too?

 

[Laserrobotics]

(keeping in mind that 'kol.com' is not in fact the appropriate address, since that's been used twice in this thread now)

 

[xKiv]

(keeping in mind that 'kol.com' is not in fact the appropriate address, since that's been used twice in this thread now)

I expect that everyone using kol.com actually means kingdomofloathing.com or www.kingdomofloathing.com, both of which are present in the certificate's domains.
In case you are wondering, the certificate is primarily issued to kingdomofloathing.com, and alternative names are:
DNS Name: kingdomofloathing.com
DNS Name: www.kingdomofloathing.com
DNS Name: dev.kingdomofloathing.com
DNS Name: devproxy.kingdomofloathing.com
DNS Name: sigs.kingdomofloathing.com
DNS Name: devsigs.kingdomofloathing.com
DNS Name: images.kingdomofloathing.com
DNS Name: services.kingdomofloathing.com

 

[Laserrobotics]

The point being that nobody should be using that, lest we confuse someone who does not in fact know better. As the acronym is KoL, it's only natural to assume that kol.com would be valid; as it isn't, we shouldn't be implying it is.