You can create SSL certificate with a domain name but not so easy with an IP.

See https://blog.filippo.io/how-plex-is-doing-https-for-all-its-...

I'm using it in order to talk to different backends without touching the nginx config.

  server_name ~^(?<sub>\w+)\.127\.0\.0\.1\.xip\.io$;
  root sites/$sub;

When developing for iphone, react native uses xip (i think?) to have direct access to the development server on the laptop. Apple does not allow connecting to the ip directly. Details: https://github.com/facebook/react-native-website/blob/master...

Seems to be targeted at allow multiple vhosts and SSL certs on the same IP.

I generally didn’t use xip.io in the browser bar, the use cases are more commonly putting the address in web forms for things that return a wildcard address but need to be a well-formed domain name. I’ve used xip.io for AWS security rules, CORS rules, Google API redirects, mobile app testing against a local server, stuff like that...

I know my corporate firewalls do not allow connections to bare ip addresses. This allows me to bypass that check for things I haven't assigned names to already.

this makes no sense -- all tcp connections are already to the "bare ip address". dns lookup happens independently of the ip connection. in the case of a browser, your browser asks the local resolver (or with doh, remote nameserver) what the ip is for a given domain, then connects to that ip. I suppose it's possible your network has some strange setup that pokes holes through the firewall based on dns requests, but that would be obscenely expensive both computationally and financially.

He probably means his corporate proxy servers, not firewalls.

indeed, sorry.

The simplest implementation of this would be to block all outbound traffic for all hosts by default, and allow only web traffic out through a proxy. Then for other specific services poke holes for specific src<->dst.

The firewall or proxy is probably looking at the HTTP host header, and blocking requests with an IP there.