Website Blocking Report (and Wynk ads): shantanugoel.com

Here’s a thread on Twitter where this was initially reported.

Website Blocked: shantanugoel.com
Blocked by: Airtel
Block Message: airtel.in/dot/ as iframe.

The website is hosted on GitHub Pages and proxied by CloudFlare. It looks like some customers, for whom the CloudFlare network is powered by Airtel, face this issue. In such cases, the requests go in this flow:

Customer -> CloudFlare -> Airtel --(Blocked) --> GitHub Pages

However, since CloudFlare is hosting the website (and is oblivious to this forgery by Airtel), the blocked content is returned with an HTTPS lock in the browser (screenshot in the tweet above).

For reproducibility purposes, making a request from Digital Ocean Bangalore seems to trigger this reliably. It seems like the same issue that Shantanu, Karthik, and I reported to CloudFlare back in 2016 except now it is being used to block Shantanu’s website.

Since the connection between CloudFlare and GitHub Pages isn’t encrypted in this case (the CloudFlare configuration is using Flexible SSL), Airtel is free to tamper with the response and, as a bonus, insert Wynk ads on the block page.

Complete Log (request made from DO:BLR1 (AS14061))

curl -vvv https://shantanugoel.com/
* Rebuilt URL to: https://shantanugoel.com/
* TCP_NODELAY set
* Connected to shantanugoel.com (172.67.205.172) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
} [5 bytes data]
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
* TLSv1.3 (IN), TLS handshake, Server hello (2):
{ [122 bytes data]
* TLSv1.3 (IN), TLS Unknown, Certificate Status (22):
{ [1 bytes data]
* TLSv1.3 (IN), TLS handshake, Unknown (8):
{ [19 bytes data]
* TLSv1.3 (IN), TLS handshake, Certificate (11):
{ [2344 bytes data]
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
{ [78 bytes data]
* TLSv1.3 (IN), TLS handshake, Finished (20):
{ [52 bytes data]
* TLSv1.3 (OUT), TLS change cipher, Client hello (1):
} [1 bytes data]
* TLSv1.3 (OUT), TLS Unknown, Certificate Status (22):
} [1 bytes data]
* TLSv1.3 (OUT), TLS handshake, Finished (20):
} [52 bytes data]
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use h2
* Server certificate:
*  subject: C=US; ST=California; L=San Francisco; O=Cloudflare, Inc.; CN=sni.cloudflaressl.com
*  start date: Jul  8 00:00:00 2021 GMT
*  expire date: Jul  7 23:59:59 2022 GMT
*  subjectAltName: host "shantanugoel.com" matched cert's "shantanugoel.com"
*  issuer: C=US; O=Cloudflare, Inc.; CN=Cloudflare Inc ECC CA-3
*  SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
} [5 bytes data]
* TLSv1.3 (OUT), TLS Unknown, Unknown (23):
} [1 bytes data]
* TLSv1.3 (OUT), TLS Unknown, Unknown (23):
} [1 bytes data]
* TLSv1.3 (OUT), TLS Unknown, Unknown (23):
} [1 bytes data]
* Using Stream ID: 1 (easy handle 0x555bb5d89600)
} [5 bytes data]
* TLSv1.3 (OUT), TLS Unknown, Unknown (23):
} [1 bytes data]
> GET / HTTP/2
> Host: shantanugoel.com
> User-Agent: curl/7.58.0
> Accept: */*
>
{ [5 bytes data]
* TLSv1.3 (IN), TLS Unknown, Certificate Status (22):
{ [1 bytes data]
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
{ [238 bytes data]
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
{ [238 bytes data]
* TLSv1.3 (IN), TLS Unknown, Unknown (23):
{ [1 bytes data]
* Connection state changed (MAX_CONCURRENT_STREAMS updated)!
} [5 bytes data]
* TLSv1.3 (OUT), TLS Unknown, Unknown (23):
} [1 bytes data]
* TLSv1.3 (IN), TLS Unknown, Unknown (23):
{ [1 bytes data]
* TLSv1.3 (IN), TLS Unknown, Unknown (23):
{ [1 bytes data]
< HTTP/2 200
< date: Mon, 02 Aug 2021 16:58:17 GMT
< content-type: text/html
< pragma: no-cache
< cache-control: no-cache
< cf-cache-status: DYNAMIC
< last-modified: Mon, 02 Aug 2021 16:58:17 GMT
< expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
< report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ydextaoIXg9hqnCF4IrIAk8mmp9dXd0SVrRBoqf1X8FsMpX4rosVMcDTpn9SlBfkLlYtc%2FX4af8ELHnXenNpNbGXnYli3yno40VNSLxDnsXgXD6JXgkW87DAknGVGyAndHSZ"}],"group":"cf-nel","max_age":604800}
< nel: {"report_to":"cf-nel","max_age":604800}
< server: cloudflare
< cf-ray: 6788d9a0fbdf1da1-BLR
< alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
<
{ [254 bytes data]
* TLSv1.3 (IN), TLS Unknown, Unknown (23):
{ [1 bytes data]
100   254    0   254    0     0   3479      0 --:--:-- --:--:-- --:--:--  3527
* Connection #0 to host shantanugoel.com left intact
<meta name="viewport" content="width=device-width,initial-scale=1.0,maximum-scale=1.0" /><style>body{margin:0px;padding:0px;}iframe{width:100%;height:100%}</style><iframe src="https://www.airtel.in/dot/" width="100%" height="100%" frameborder=0></iframe>
2 Likes
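
The pattern in the log above, as an added example that is not part of the original post: a check that flags a response which passed TLS verification at the CDN edge but whose body is only a frame to the ISP block page. The sample headers and body are copied from the log; the function and class names are hypothetical.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Block-page URL, headers and body copied from the log above; nothing here uses the network.
BLOCK_PAGES = {("www.airtel.in", "/dot/"), ("airtel.in", "/dot/")}
SAMPLE_HEADERS = {"server": "cloudflare", "cf-cache-status": "DYNAMIC", "content-type": "text/html"}
SAMPLE_BODY = ('<meta name="viewport" content="width=device-width,initial-scale=1.0,maximum-scale=1.0" />'
               '<style>body{margin:0px;padding:0px;}iframe{width:100%;height:100%}</style>'
               '<iframe src="https://www.airtel.in/dot/" width="100%" height="100%" frameborder=0></iframe>')

class FrameScan(HTMLParser):
    """Collects iframe targets and any visible text outside <style>/<script>."""
    def __init__(self):
        super().__init__()
        self.frames, self.text, self._skip = [], [], 0
    def handle_starttag(self, tag, attrs):
        if tag == "iframe":
            self.frames.append(dict(attrs).get("src") or "")
        elif tag in ("style", "script"):
            self._skip += 1
    def handle_endtag(self, tag):
        if tag in ("style", "script") and self._skip:
            self._skip -= 1
    def handle_data(self, data):
        if not self._skip and data.strip():
            self.text.append(data.strip())

def classify(headers, body):
    """Return (verdict, reasons) for one response already fetched over verified TLS."""
    scan = FrameScan()
    scan.feed(body)
    scan.close()
    reasons = []
    for src in scan.frames:
        url = urlparse(src)
        if (url.hostname, url.path) in BLOCK_PAGES:
            reasons.append("iframe to ISP block page: " + src)
    if not reasons:
        return "clean", reasons
    if not scan.text:
        reasons.append("body has no content of its own, only the frame")
    h = {k.lower(): v for k, v in headers.items()}
    # DYNAMIC: the edge did not serve from cache and fetched the body from the origin.
    if h.get("server") == "cloudflare" and h.get("cf-cache-status") == "DYNAMIC":
        reasons.append("CDN edge fetched this from the origin: tampering is on the edge-to-origin leg")
        return "tampered-on-origin-leg", reasons
    return "block-page", reasons

if __name__ == "__main__":
    print(classify(SAMPLE_HEADERS, SAMPLE_BODY))
```

The verdict depends only on the response, so it can be run over captures taken from several vantage points. The exposure itself is closed only when the CDN-to-origin leg uses TLS with certificate validation (Cloudflare's Full (strict) mode) instead of Flexible SSL.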

Update.

There are other websites that are also being blocked by Airtel. One of the websites is After Dark in CSS.

The error message has changed from

Your requested URL has been blocked as per the directions received from Department of Telecommunications, Government of India. Please contact administrator for more information

to

The website has been blocked as per order of Ministry of Electronics and Information Technology under IT Act, 2000.

I am not sure how IT Act rules are even applicable to that website.