-
Notifications
You must be signed in to change notification settings - Fork 3
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Russian blacklist #1
Comments
the same problem here in Iran ,what did you done for "gooya.com" does not actually works here ,you proxy still send /GET request directly to the gooya.com domain from my browser! and it could only load the header of the site :) |
We are aware of this problem. We are trying to improve the proxy. It's Le 12/03/2015 10:27, ValdikSS a écrit :
|
We'll investigate. Thx for the report. Le 12/03/2015 18:37, reza-askari9 a écrit :
|
@RSF-RWB my latest idea is to use Teredo tunneling protocol |
@RSF-RWB Nice idea will be browser extension that works like Tor's meek pluggable transport. For example, you can send google.com as SNI and Host: header encrypted by TLS pointing to an appspot app. Sadly it doesn't work on Fastly's CDN so easy because they check SNI against Host:, you need to request it by IP without SNI. So maybe if it possible to do something like certificate pinning in Firefox/Chrome extension, it will be fine. |
What about using HTTPS proxy? Using different domain names (by asking people to lend you some domain name) and not publishing the whole list in one central location would make it more difficult for censors to block all the proxy domain names. |
@randomstuff I use HTTPS proxy on Russian blocking bypass service http://antizapret.prostovpn.org/ |
Lastest update with RU & BY websites : https://github.com/RSF-RWB/collateralfreedom feel free to share ! |
@komachi Domain fronting seems to be working all right on Fastly:
|
First of all, thanks for this great project!
But actually, there aren't any serious issues with blocking your grani.ru mirror in Russia. Most of our ISPs have DPI, which can block HTTPS traffic intercepting SNI or hijack DNS responses from any DNS server to their IP and redirect all the traffic to their IP with certificate forgery.
The text was updated successfully, but these errors were encountered: