AdAway / adaway.github.io

https://adaway.org

X.ssl.fastly.net is blocking too many things #34

Closed ErebusBat closed 4 years ago

ErebusBat commented 4 years ago

Hello AdAway Team!

I noticed that this commit added two hosts that are blocking legitimate sites:

f.ssl.fastly.net#L7330 m.ssl.fastly.net#L7334

These domains are used by Fastly CDN customers who use shared SSL hosting. As a Fastly customer you are assigned a certain letter so that they can do proper SNI matching during the SSL handshake.

Some downstream consumers of this list (pfBlockerNG, pihole, NordVPN Cybersec, etc.) will end up blocking some or all of the content hosted on these sites.

Because Fastly domains host multiple sites, some downstream consumers of this list (pfBlockerNG, pihole, NordVPN Cybersec, etc.) will end up blocking some or all of the functionality of the sites hosted on these domains.

Some legitimate sites that I have identified that are affected:

There are also other sites that are listed in the SNI certificate and can be broken in multiple ways, depending on how the sites implement Fastly/DNS:

I suspect these domains were added because there are also other ad domains being hosted here as well (such as adroll).

Can we please remove those two lines so that legitimate sites are not blocked?

There are 110 SNI names handled on the f and m domains; however it is worse than that due to wildcards:

$ for x in {f,m}; do openssl s_client -connect ${x}.ssl.fastly.net:443 < <( echo "Q\r" ) 2>/dev/null | openssl x509 -noout -text 2>/dev/null  | grep 'DNS:' | tr ',' '\n' | sed 's/.*DNS://g' ; done | sort | uniq | wc -l
     110
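
An added example (not part of the original issue or of AdAway's tooling) that extends the count above: it splits the certificate's SAN names into exact and wildcard entries and checks whether a given hostname is covered, which is what makes the raw count an underestimate. The certificate text and `.example` names are constructed, and the function names `san_names`, `san_summary` and `san_covers` are hypothetical.

```shell
#!/bin/sh
# Constructed stand-in for `openssl x509 -noout -text` output. The names
# are placeholders, not the contents of the real Fastly certificates.
sample_cert_text() {
cat <<'EOF'
        X509v3 extensions:
            X509v3 Subject Alternative Name:
                DNS:f.ssl.fastly.net, DNS:*.shop.example, DNS:news.example, DNS:www.news.example, IP Address:192.0.2.10, DNS:news.example
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
EOF
}

# Read certificate text on stdin; print each unique SAN DNS name on its own line.
san_names() {
    tr ',' '\n' |
        sed -n 's/^[[:space:]]*DNS:\([^[:space:]]*\).*$/\1/p' |
        sort -u
}

# Count unique SAN names, separating wildcards (open-ended) from exact names.
san_summary() {
    san_names | awk '
        /^\*\./ { wild++ }
        { total++ }
        END { printf "total=%d wildcard=%d exact=%d\n", total, wild, total - wild }'
}

# Succeed if hostname $1 is covered by a SAN name read from stdin. A wildcard
# stands for exactly one leftmost label, as in TLS hostname verification.
san_covers() {
    host=$1
    san_names | awk -v host="$host" '
        BEGIN { host = tolower(host); rest = host; sub(/^[^.]*\./, "", rest) }
        { name = tolower($0) }
        name == host { found = 1 }
        substr(name, 1, 2) == "*." && host != rest && substr(name, 3) == rest { found = 1 }
        END { exit !found }'
}

# Demo on the constructed sample.
sample_cert_text | san_summary
for h in cdn.shop.example shop.example; do
    if sample_cert_text | san_covers "$h"; then echo "$h: covered"
    else echo "$h: not covered"; fi
done
```

To run it against a live endpoint, pipe the `openssl s_client ... | openssl x509 -noout -text` output from the command above into `san_summary` in place of `sample_cert_text`.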

jawz101 commented 4 years ago

removed.