The rarely known difference between masked and unmasked redirects

This is part of the Semicolon&Sons Code Diary - consisting of lessons learned on the job. You're in the web-development category.

Last Updated: 2024-11-21

My overall goal was to get HTTPS working on a subdomain.

But there was a complication: I wanted to redirect a subdomain of codenottaken.com to an IP address on EC2 without interrupting the serving of a sales page available on /. (The sales page was for the parked domain, which I no longer wanted)

First I tried a CNAME record pandemie mapping to my IP 1.2xx.3xx.4xx This failed, because (obviously) CNAME must map to other domain names - not IP addresses.

Instead I used an unmasked URL redirect record, since this accepts raw IP addresses.

This redirected alright - but to the raw IP address (i.e. that's what displayed in the browser URL field). Since you cannot do SSL with a raw IP address in the browser, this failed. (SSL only works with domain names)

I learned later that the issue was that I used an unmasked redirect. Instead I wanted masked, which meant it keeps the pandemie.codenottaken.com in the browser despite showing content from that different domain (masked works with domain names : e.g. I can show content from example.com on pandemie.codenottaken.com - apparently this is bad for SEO though)

Lessons