Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Russian blacklist #1

Open
ValdikSS opened this issue Mar 12, 2015 · 9 comments
Open

Russian blacklist #1

ValdikSS opened this issue Mar 12, 2015 · 9 comments

Comments

@ValdikSS
Copy link

First of all, thanks for this great project!
But actually, there aren't any serious issues with blocking your grani.ru mirror in Russia. Most of our ISPs have DPI, which can block HTTPS traffic intercepting SNI or hijack DNS responses from any DNS server to their IP and redirect all the traffic to their IP with certificate forgery.

@ghost
Copy link

ghost commented Mar 12, 2015

the same problem here in Iran ,what did you done for "gooya.com" does not actually works here ,you proxy still send /GET request directly to the gooya.com domain from my browser! and it could only load the header of the site :)

@RSF-RWB
Copy link
Owner

RSF-RWB commented Mar 12, 2015

We are aware of this problem. We are trying to improve the proxy. It's
an ongoing process. Any ideas are welcome. In the meantime, we'll
release new address of the mirrors on this github page. Which is the
page the proxy redirect to when a website is blocked. It's really quick
for us to create and release a new mirror.

Le 12/03/2015 10:27, ValdikSS a écrit :

First of all, thanks for this great project!
But actually, there aren't any serious issues with blocking your
grani.ru mirror in Russia. Most of our ISPs have DPI, which can block
HTTPS traffic intercepting SNI
https://en.wikipedia.org/wiki/Server_Name_Indication or hijack DNS
responses from any DNS server to their IP and redirect all the traffic
to their IP with certificate forgery.


Reply to this email directly or view it on GitHub
#1.

@RSF-RWB
Copy link
Owner

RSF-RWB commented Mar 12, 2015

We'll investigate. Thx for the report.

Le 12/03/2015 18:37, reza-askari9 a écrit :

the same problem here in Iran ,what did you done for "gooya.com" does
not actually works here ,you proxy still send /GET request directly to
the gooya.com domain from my browser! and it could only load the
header of the site :)


Reply to this email directly or view it on GitHub
#1 (comment).

@ValdikSS
Copy link
Author

@RSF-RWB my latest idea is to use Teredo tunneling protocol
In Russian and Google Translated

@komachi
Copy link

komachi commented Mar 12, 2015

@RSF-RWB Nice idea will be browser extension that works like Tor's meek pluggable transport. For example, you can send google.com as SNI and Host: header encrypted by TLS pointing to an appspot app. Sadly it doesn't work on Fastly's CDN so easy because they check SNI against Host:, you need to request it by IP without SNI. So maybe if it possible to do something like certificate pinning in Firefox/Chrome extension, it will be fine.

@randomstuff
Copy link

What about using HTTPS proxy? Using different domain names (by asking people to lend you some domain name) and not publishing the whole list in one central location would make it more difficult for censors to block all the proxy domain names.

@ValdikSS
Copy link
Author

@randomstuff I use HTTPS proxy on Russian blocking bypass service http://antizapret.prostovpn.org/
But, well, it requires configuration on the client side and works only in Firefox and Chromium.

@RSF-RWB
Copy link
Owner

RSF-RWB commented Mar 12, 2022

Lastest update with RU & BY websites : https://github.com/RSF-RWB/collateralfreedom

feel free to share !

@randomstuff
Copy link

randomstuff commented Mar 13, 2022

Sadly it doesn't work on Fastly's CDN so easy because they check SNI against Host:, you need to request it by IP without SNI.

@komachi Domain fronting seems to be working all right on Fastly:

curl -vvv https://example.global.ssl.fastly.net/ -H"Host: doxajournal.global.ssl.fastly.net"

@RSF-RWB RSF-RWB transferred this issue from another repository Mar 14, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

4 participants