Open ValdikSS opened 9 years ago
ghost
commented
9 years ago the same problem here in Iran ,what did you done for "gooya.com" does not actually works here ,you proxy still send /GET request directly to the gooya.com domain from my browser! and it could only load the header of the site :)
RSF-RWB
commented
9 years ago We are aware of this problem. We are trying to improve the proxy. It's an ongoing process. Any ideas are welcome. In the meantime, we'll release new address of the mirrors on this github page. Which is the page the proxy redirect to when a website is blocked. It's really quick for us to create and release a new mirror.
Le 12/03/2015 10:27, ValdikSS a écrit :
First of all, thanks for this great project! But actually, there aren't any serious issues with blocking your grani.ru mirror in Russia. Most of our ISPs have DPI, which can block HTTPS traffic intercepting SNI https://en.wikipedia.org/wiki/Server_Name_Indication or hijack DNS responses from any DNS server to their IP and redirect all the traffic to their IP with certificate forgery.
— Reply to this email directly or view it on GitHub https://github.com/RSF-RWB/collateralfreedom/issues/1.
RSF-RWB
commented
9 years ago We'll investigate. Thx for the report.
Le 12/03/2015 18:37, reza-askari9 a écrit :
the same problem here in Iran ,what did you done for "gooya.com" does not actually works here ,you proxy still send /GET request directly to the gooya.com domain from my browser! and it could only load the header of the site :)
— Reply to this email directly or view it on GitHub https://github.com/RSF-RWB/collateralfreedom/issues/1#issuecomment-78541230.
ValdikSS
commented
9 years ago @RSF-RWB my latest idea is to use Teredo tunneling protocol In Russian and Google Translated
komachi
commented
9 years ago @RSF-RWB Nice idea will be browser extension that works like Tor's meek pluggable transport. For example, you can send google.com as SNI and Host: header encrypted by TLS pointing to an appspot app. Sadly it doesn't work on Fastly's CDN so easy because they check SNI against Host:, you need to request it by IP without SNI. So maybe if it possible to do something like certificate pinning in Firefox/Chrome extension, it will be fine.
randomstuff
commented
9 years ago What about using HTTPS proxy? Using different domain names (by asking people to lend you some domain name) and not publishing the whole list in one central location would make it more difficult for censors to block all the proxy domain names.
ValdikSS
commented
9 years ago @randomstuff I use HTTPS proxy on Russian blocking bypass service http://antizapret.prostovpn.org/ But, well, it requires configuration on the client side and works only in Firefox and Chromium.
RSF-RWB
commented
2 years ago Lastest update with RU & BY websites : https://github.com/RSF-RWB/collateralfreedom
feel free to share !
randomstuff
commented
2 years ago Sadly it doesn't work on Fastly's CDN so easy because they check SNI against Host:, you need to request it by IP without SNI.
@komachi Domain fronting seems to be working all right on Fastly:
curl -vvv https://example.global.ssl.fastly.net/ -H"Host: doxajournal.global.ssl.fastly.net"
First of all, thanks for this great project! But actually, there aren't any serious issues with blocking your grani.ru mirror in Russia. Most of our ISPs have DPI, which can block HTTPS traffic intercepting SNI or hijack DNS responses from any DNS server to their IP and redirect all the traffic to their IP with certificate forgery.