Here’s a thread on Twitter where this was initially reported.
Website Blocked: shantanugoel.com
Blocked by: Airtel
Block Message: airtel.in/dot/ as iframe.
The website is hosted on GitHub Pages and proxied by CloudFlare. It looks like some customers, for whom the CloudFlare network is powered by Airtel, face this issue. In such cases, the requests go in this flow:
Customer -> CloudFlare -> Airtel --(Blocked) --> GitHub Pages
However, since CloudFlare is serving the website to the customer (and is oblivious to this forgery by Airtel), the blocked content is returned with an HTTPS lock in the browser (screenshot in the tweet above).
For reproducibility purposes, making a request from Digital Ocean Bangalore seems to trigger this reliably. It seems like the same issue that Shantanu, Karthik, and I reported to CloudFlare back in 2016 except now it is being used to block Shantanu’s website.
Since the connection between CloudFlare and GitHub Pages isn’t encrypted in this case (the CloudFlare configuration is using Flexible SSL), Airtel is free to tamper with the response and, as a bonus, insert Wynk ads on the block page.
Complete log (request made from DO:BLR1 (AS14061)):
curl -vvv https://shantanugoel.com/
* Rebuilt URL to: https://shantanugoel.com/
* TCP_NODELAY set
* Connected to shantanugoel.com (172.67.205.172) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: /etc/ssl/certs
} [5 bytes data]
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
* TLSv1.3 (IN), TLS handshake, Server hello (2):
{ [122 bytes data]
* TLSv1.3 (IN), TLS Unknown, Certificate Status (22):
{ [1 bytes data]
* TLSv1.3 (IN), TLS handshake, Unknown (8):
{ [19 bytes data]
* TLSv1.3 (IN), TLS handshake, Certificate (11):
{ [2344 bytes data]
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
{ [78 bytes data]
* TLSv1.3 (IN), TLS handshake, Finished (20):
{ [52 bytes data]
* TLSv1.3 (OUT), TLS change cipher, Client hello (1):
} [1 bytes data]
* TLSv1.3 (OUT), TLS Unknown, Certificate Status (22):
} [1 bytes data]
* TLSv1.3 (OUT), TLS handshake, Finished (20):
} [52 bytes data]
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use h2
* Server certificate:
* subject: C=US; ST=California; L=San Francisco; O=Cloudflare, Inc.; CN=sni.cloudflaressl.com
* start date: Jul 8 00:00:00 2021 GMT
* expire date: Jul 7 23:59:59 2022 GMT
* subjectAltName: host "shantanugoel.com" matched cert's "shantanugoel.com"
* issuer: C=US; O=Cloudflare, Inc.; CN=Cloudflare Inc ECC CA-3
* SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
} [5 bytes data]
* TLSv1.3 (OUT), TLS Unknown, Unknown (23):
} [1 bytes data]
* TLSv1.3 (OUT), TLS Unknown, Unknown (23):
} [1 bytes data]
* TLSv1.3 (OUT), TLS Unknown, Unknown (23):
} [1 bytes data]
* Using Stream ID: 1 (easy handle 0x555bb5d89600)
} [5 bytes data]
* TLSv1.3 (OUT), TLS Unknown, Unknown (23):
} [1 bytes data]
> GET / HTTP/2
> Host: shantanugoel.com
> User-Agent: curl/7.58.0
> Accept: */*
>
{ [5 bytes data]
* TLSv1.3 (IN), TLS Unknown, Certificate Status (22):
{ [1 bytes data]
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
{ [238 bytes data]
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
{ [238 bytes data]
* TLSv1.3 (IN), TLS Unknown, Unknown (23):
{ [1 bytes data]
* Connection state changed (MAX_CONCURRENT_STREAMS updated)!
} [5 bytes data]
* TLSv1.3 (OUT), TLS Unknown, Unknown (23):
} [1 bytes data]
* TLSv1.3 (IN), TLS Unknown, Unknown (23):
{ [1 bytes data]
* TLSv1.3 (IN), TLS Unknown, Unknown (23):
{ [1 bytes data]
< HTTP/2 200
< date: Mon, 02 Aug 2021 16:58:17 GMT
< content-type: text/html
< pragma: no-cache
< cache-control: no-cache
< cf-cache-status: DYNAMIC
< last-modified: Mon, 02 Aug 2021 16:58:17 GMT
< expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
< report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ydextaoIXg9hqnCF4IrIAk8mmp9dXd0SVrRBoqf1X8FsMpX4rosVMcDTpn9SlBfkLlYtc%2FX4af8ELHnXenNpNbGXnYli3yno40VNSLxDnsXgXD6JXgkW87DAknGVGyAndHSZ"}],"group":"cf-nel","max_age":604800}
< nel: {"report_to":"cf-nel","max_age":604800}
< server: cloudflare
< cf-ray: 6788d9a0fbdf1da1-BLR
< alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
<
{ [254 bytes data]
* TLSv1.3 (IN), TLS Unknown, Unknown (23):
{ [1 bytes data]
100 254 0 254 0 0 3479 0 --:--:-- --:--:-- --:--:-- 3527
* Connection #0 to host shantanugoel.com left intact
<meta name="viewport" content="width=device-width,initial-scale=1.0,maximum-scale=1.0" /><style>body{margin:0px;padding:0px;}iframe{width:100%;height:100%}</style><iframe src="https://www.airtel.in/dot/" width="100%" height="100%" frameborder=0></iframe>
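A monitoring check for the failure shown in the log, as an added example that is not part of the original post: because the certificate verifies even when the body has been swapped, it inspects the body itself and flags the block iframe. `FrameScan`, `classify` and the `suspect-frame-only` heuristic are hypothetical names and assumptions, and the caller is assumed to have already fetched the response over verified TLS.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Host and path of the block notice, taken from the response body in the log.
BLOCK_FRAME = ("www.airtel.in", "/dot/")

class FrameScan(HTMLParser):
    """Collect iframe sources and count visible text outside style/script."""
    def __init__(self):
        super().__init__()
        self.frames, self.text_len, self._skip = [], 0, 0
    def handle_starttag(self, tag, attrs):
        if tag == "iframe":
            self.frames.append(dict(attrs).get("src") or "")
        elif tag in ("style", "script"):
            self._skip += 1
    def handle_endtag(self, tag):
        if tag in ("style", "script") and self._skip:
            self._skip -= 1
    def handle_data(self, data):
        if not self._skip:
            self.text_len += len(data.strip())

def classify(site_host, headers, body):
    """Return (verdict, via_cloudflare) for an already-fetched response."""
    scan = FrameScan()
    scan.feed(body)
    scan.close()
    foreign = [u for u in map(urlparse, scan.frames)
               if u.hostname and u.hostname != site_host]
    if any((u.hostname, u.path) == BLOCK_FRAME for u in foreign):
        verdict = "isp-block-page"
    elif foreign and scan.text_len == 0:
        verdict = "suspect-frame-only"  # heuristic: no own text, only a foreign frame
    else:
        verdict = "ok"
    # Edge headers on a swapped body mean the tampering happened behind the CDN.
    h = {k.lower(): v for k, v in headers.items()}
    return verdict, h.get("server") == "cloudflare" and "cf-ray" in h

# Body and two headers exactly as returned in the log above.
LOGGED_BODY = ('<meta name="viewport" content="width=device-width,initial-scale=1.0,'
               'maximum-scale=1.0" /><style>body{margin:0px;padding:0px;}iframe{width:100%;'
               'height:100%}</style><iframe src="https://www.airtel.in/dot/" width="100%" '
               'height="100%" frameborder=0></iframe>')
LOGGED_HEADERS = {"server": "cloudflare", "cf-ray": "6788d9a0fbdf1da1-BLR"}
# Constructed sample: a normal page that happens to embed a third-party frame.
NORMAL_BODY = '<h1>Post</h1><p>Text</p><iframe src="https://player.example/v/1"></iframe>'
if __name__ == "__main__":
    print(classify("shantanugoel.com", LOGGED_HEADERS, LOGGED_BODY))
```

Run from outside the affected network path as well, so a differing verdict between vantage points points at the edge-to-origin leg rather than at the origin.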