• Stars
    star
    242
  • Rank 167,048 (Top 4 %)
  • Language
  • Created almost 3 years ago
  • Updated almost 3 years ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

A public letter to Cloudflare to fix their snoopy vendor

A public letter to Cloudflare to fix their snoopy vendor.

What

For the last few years, various websites hosted on GitHub Pages/Google App Engine and fronted using Cloudflare have been blocked in India due to Cloudflare relying on a upstream network provider with a misconfigured network (Airtel). The network flow looks like this:

User -> Any ISP -> Cloudflare -> Airtel (Cloudflare peering partner) -> (GitHub Pages|Google App Engine)

If a website is using "Flexible SSL" or "No SSL" as configured on Cloudflare, the connection between Cloudflare and (GitHub|Google) isn't encrypted, and Airtel blocks many such websites. Because Cloudflare terminates the TLS connection at their end, the browser shows a padlock, thus giving more authenticity to this incorrect block.

Impact

These are just a few of the many websites blocked. This disproportionately impacts the developer community, and especially older websites that had a reason to use Cloudflare on top of GitHub Pages - TLS support. Now that GitHub Pages natively offers SSL, most of these websites can directly be hosted on GitHub Pages.

Here's a list of various such reports: (Click to expand)
Website Reports
teachyourselfcs.com https://twitter.com/oznova_/status/1467957261221830657
neovim.io https://twitter.com/sanchayan_maity/status/1479131300040564737 neovim/neovim.github.io#254
usebottles.com https://news.ycombinator.com/item?id=29358915 bottlesdevs/website#12
reactcommunity.org reactjs/reactjs.github.io#1 https://twitter.com/tecoholic/status/1480528265068515332 https://twitter.com/chiku__p/status/1465988817773481985
thephpleague.com https://www.reddit.com/r/india/comments/r3bc78/hey_anyone_facing_issues_with_airtel/ thephpleague/thephpleague.github.io#102
tldr.sh https://www.reddit.com/r/developersIndia/comments/p3kxi4/why_are_some_nonporn_dev_related_websites_blocked/ tldr-pages/tldr#7626
draftjs.org facebookarchive/draft-js#3086 https://twitter.com/vaishnavs0/status/1480403158631260161
pennapps.com https://twitter.com/skxrxn/status/1479520588955742209?s=20
termux.com https://twitter.com/geekodour/status/1478963440412626946 termux/termux.github.io#56
rsms.me https://twitter.com/sahilk/status/1479489063874752512 https://twitter.com/sahilk/status/1441104954408587264
shantanugoel.com https://twitter.com/prohack/status/1422233887522975744 https://forum.internetfreedom.in/t/website-blocking-report-and-wynk-ads-shantanugoel-com/2318
codewithrockstar.com RockstarLang/codewithrockstar.com#11 https://news.ycombinator.com/item?id=29481644
web.mightyme.in https://stackoverflow.com/questions/70420313/getting-the-website-has-been-blocked-as-per-order-of-ministry-of-electronics-an
buyday.in https://stackoverflow.com/a/70426860
boxbilling.org boxbilling/boxbilling#1178 https://twitter.com/MichaelAnandR/status/1471935979787194373
Node-OS.com NodeOS/nodeos.github.io#28
konvajs.com konvajs/konva#1161
breaks.eu.org https://www.reddit.com/r/developersIndia/comments/rg4fqb/airtel_blocked_my_projects_website_please_help/
platesphp.com thephpleague/plates#288 https://www.reddit.com/r/india/comments/r3bc78/hey_anyone_facing_issues_with_airtel/
coreui.io https://old.reddit.com/r/india/comments/p12qtq/why_did_govt_of_india_blocked_a_html_template/ coreui/coreui-website#19
4fw.pw #2
mpp.su #2
about.hacktohell.org https://twitter.com/hacktohell/status/1479484933785538562
one9x.org https://twitter.com/Ramank775/status/1465979965002846209
kossiitkgp.org https://twitter.com/OrkoHunter/status/1425089684535975937
orkohunter.net https://twitter.com/OrkoHunter/status/1425089684535975937
treyhunner.com https://twitter.com/abdulmuneer/status/1466289536833523714
wowjs.uk https://twitter.com/rahulrrnair/status/1465629811368357888
akshatmittal.com https://twitter.com/iakshatmittal/status/1479517378455040002
garudahacks.com https://twitter.com/skxrxn/status/1479520588955742209?s=20
noflojs.org noflo/noflo#863
docs.pixelfed.org pixelfed/docs#80
nodered.org https://community.cloudflare.com/t/website-blocked-for-some-users-in-india/300620
catalogue.nodered.org https://community.cloudflare.com/t/website-blocked-for-some-users-in-india/300620
codeception.com Codeception/codeception.github.com#591
srijanshetty.in https://twitter.com/srijanshetty/status/1468523289467179008
awesome-python.com https://github.com/vinta/awesome-python/issues/1909
bryanbraun.github.io bryanbraun/bryanbraun.github.io#42
pdm.fming.dev pdm-project/pdm#786 pdm-project/pdm#844
seaql.github.io SeaQL/seaql.github.io#12
pramod.io #10 Blocked even on Google App Engine
Several of these websites are critical to many developers, and none of these deserve to get blocked in India. Some of the above website are no longer blocked, because the website owner switched away from Flexible SSL to Strict SSL. However, this only happens when someone notices the block, debugs the issue correctly, and the website owner understands and fixes the issue. This is not a viable solution in this case.

There's hundreds reports on Twitter and GitHub

Call to Cloudflare

Hey @Cloudflare, please take care of this. Indian developers have been blocked out various critical websites because your upstream vendor (peering partner) has a misconfiguration. This has been going on for years, with no action or update at your end.

Here's a few simple requests:

  1. Get Airtel to fix the issue at their end.
  2. Switch to a different upstream (peer) if that doesn't happen.
  3. Publish a transparency report acknowledging the issue and confirming how many websites were incorrectly blocked without a court-order.
  4. Notify Flexible SSL users that their websites are getting blocked in India.

Flexible SSL is a decade-old product that has no place in the modern web. Users should get a big red warning when enabling such a product in today's times with free SSL certificates.

Help, my website is blocked

If you got a report about your website being blocked in India, with a message that reads:

The website has been blocked as per order of Ministry of Electronics and Information Technology under IT Act, 2000.

Here's a number of ways to fix the issue:

  1. Switch from Cloudflare to direct GitHub Pages, which supports TLS now.
  2. Enable HTTPS on GitHub pages, and switch the upstream on Cloudflare to get strict SSL instead of flexible.
  3. Switch to a different hosting provider altogether (CloudFlare Pages, Netlify, ...)

If you aren't using Cloudflare, please open an issue.

If you'd like to notify a site owner, please send them this link: https://github.com/captn3m0/hello-cloudflare/blob/main/README.md#help-my-website-is-blocked

Help fight Censorship in India

If you'd like to support the fight to fix the state of Internet censorship in India, and bring more transparency on how it works, please donate to the Internet Freedom Foundation. You will need a valid Indian PAN Card.

More Repositories

1

google-sre-ebook

Google SRE Book Generator (EPUB/MOBI/PDF).
Shell
1,208
star
2

ideas

🚀 Ideas for everyone under a CC licence. Feel free to use. I'll send you a postcard if you build anything on this list.
418
star
3

pystitcher

pystitcher stitches your PDF files together, generating nice customizable bookmarks for you using a declarative markdown file as input
Python
389
star
4

boardgame-research

List of research around modern boardgames.
XSLT
357
star
5

ifttt-webhook

♻️ A webhook middleware for the ifttt.com service
PHP
302
star
6

hackertray

ℹ️ HackerTray is a minimalist Hacker News app for Linux
Python
247
star
7

plaintext-everything

📝 A list of tools and articles helpful for keeping everything under plaintext.
118
star
8

the-joy-of-software-development

📘 A book for Software Developers who want to expand their knowledge. Encompassing various languages, tools, frameworks and technologies, it aims to improve your understanding of Software Development.
Shell
96
star
9

nebula

Source Code for the Home Server setup.
HCL
56
star
10

constitution

Constitution of India, in plain text (with git history)
40
star
11

cosmere-books

Script to build EPUB/MOBI/PDF versions of various books by Brandon Sanderson
HTML
39
star
12

jqaas

jq as a service
PHP
32
star
13

indiapost-tracker

India Post tracker API
Python
31
star
14

sanskari-proxy

A proxy for security researchers outside India to access Indian government websites without resorting to shady VPNs.
29
star
15

potion

Potion is github-pages compatible editor for jekyll blogs.
JavaScript
26
star
16

security-engineering-ebook

Script to generate a combined PDF for the Security Engineering 3rd edition book from the publicly available chapters under review.
Shell
25
star
17

Scripts

🏃 I keep lots of small scripts in the ~/scripts directory. Added it to path as well
Perl
20
star
18

india-isin-data

International Securities Identification Numbers for various Indian Securities
Shell
20
star
19

dotfiles

My dotfiles, managed using GNU stow
Perl
20
star
20

codechef

Codechef Problems viewer with an offline copy of all practice problems from codechef
PHP
20
star
21

amon

amon is a hacking tool for maintaining access to accounts using oauth tokens, instead of passwords.
Ruby
17
star
22

sympathy

Local File Editor for Chrome using NPAPI
JavaScript
17
star
23

disable-web-fonts

Disables Custom Fonts across all website. Saves Bandwidth. Blocks Trackers
JavaScript
17
star
24

configurator

Javascript configuration library to handle an application's configuration. Stores config to localstorage.
JavaScript
13
star
25

mf.captnemo.in

Get information about Indian Mutual Funds from their ISIN numbers.
Ruby
13
star
26

muse-dl

Download and stitch books from Project MUSE
Crystal
12
star
27

url-to-epub

A simple script that generates an EPUB from a single URL, zero-config
JavaScript
12
star
28

cctc3-solutions

Solutions to Round 1 of the CCTC Wave III Contest (Jeopardy style CTF)
PHP
11
star
29

youtube-cue

Generate CUE sheet from timestamps in youtube video description
JavaScript
11
star
30

nullcon2014

Source code for my talk on browser extension security
Ruby
11
star
31

uservoice

Clone of uservoice based on Kohana
PHP
10
star
32

outliner

A simple HTTParty based wrapper for the Outline API. Comes with ready scripts to import|export content from Outline.
Ruby
10
star
33

multiplayerchess.com

MultiplayerChess.com Source Code
JavaScript
10
star
34

tls.wtf

A hands-on workshop on using OpenSSL for TLS
Dockerfile
9
star
35

eteled

@eteled is a github bot that auto-deletes future comments from a discussion
Ruby
9
star
36

india-mutual-fund-ter-tracker

Tracking Total Expense Ratios of Indian Mutual Funds. Automatically updated daily.
HTML
9
star
37

what-to-read

Peppers your goodreads to-read list with amazon links
Ruby
8
star
38

epub-metadata-generator

Generates a metadata.xml file for an EPUB from various online sources, can be used with pandoc
JavaScript
7
star
39

gringotts

Personal expenses tracker over Ecommerce applications
Ruby
7
star
40

quick-list-select

Ever had a long list that needed to be marked Yes / No and you wanted to do it faster than Excel?
HTML
6
star
41

ickabog-ebook

Script to generate PDF and EPUB for "The Ickabog" by J.K Rowling
Shell
6
star
42

lightsaber

DNS - 30x Redirect hosted service
Ruby
6
star
43

historical-mf-data

Historical Mutual Funds data
Python
5
star
44

opml-gen

Ruby
5
star
45

magicmuggle

Script to build EPUB/MOBI/PDF versions of "Magic Muggle" book
Ruby
5
star
46

sushigo

Ruby
5
star
47

kerala-it-policy-draft

A markdown version of the Kerala State Information Technology Policy (Draft)
5
star
48

modernart

This is a MiniZinc based attempt to solve the Modern Art: Masters Gallery game.
PHP
4
star
49

obtvse-editor

DEPRECATED REPOSITORY See Potion
JavaScript
4
star
50

musicfellas-downloader

Simple Downloader for musicfellas.com
Shell
4
star
51

india-pincode-regex

A simple regex based exhaustive validator for PIN codes in India
JavaScript
4
star
52

jekyll-sqlite

A Jekyll plugin that lets you use SQLite database instead of data files as a data source.
Ruby
4
star
53

crypto.koans

crypto.koans are koans to help you learn openssl/tls/curl practical usage
PHP
4
star
54

prometheus-act-exporter

Exposes your current ACT Fibernet Internet usage as prometheus metrics. Scrapes the data from the ACT Portal website by using puppeteer.
JavaScript
4
star
55

tabcoin

Ruby
3
star
56

pget

Download Manger using PyGTK with multi-threaded download support
Python
3
star
57

suntime

Crystal library for calculating sunrise and sunset times.
Crystal
3
star
58

goosh

Fork of the original goosh shell (goosh.org). Modified with my own extensions for specific purposes
JavaScript
3
star
59

news

Plain-Text India-focused News
HTML
3
star
60

hackertray-win

Port of captn3m0/hackertray to Windows using node-webkit
JavaScript
3
star
61

forteller-dl

Downloads MP3 files from Foreteller Games, without using the app. You must purchase the media first from https://www.fortellergames.com/.
PHP
3
star
62

channeli-notice-fixer

This extension fixes the broken links in Channel I notices
JavaScript
2
star
63

muse-ebook-downloader

Archived. See muse-dl instead
Shell
2
star
64

npci-rss-feeds

RSS Feeds for various NPCI Circulars and Notifications.
Smarty
2
star
65

elibsrv

GitHub mirror for elibsrv
C
2
star
66

wona

WoNA Archives (IITR News Magazine)
HTML
2
star
67

pdp-book

HTML
2
star
68

ics-to-html

Script to publish an ICS calendar as HTML
Ruby
2
star
69

avatars

This repository contains the various avatars, and wallpapers that I use.
2
star
70

nand2tetris

The Elements of Computing Systems, My Workbook for the NAND to Tetris course.
Assembly
2
star
71

never-say-you-cant-survive

Script to generate an ebook for "Never Say You Can't Survive" - book by Charlie Jane Anders.
Ruby
2
star
72

Minerva

Minerva is a simple ebook scanning system, which uses amazon's Product Search API along with google book search to generate metadata for each book. It does full text indexing using Zend_Lucene in PHP.
PHP
2
star
73

ifttt-evernote

ifttt-webhook plugin for adding articles to evernote. Uses the readability API
PHP
2
star
74

pocket-channel-i

@IMGIITRoorkee's pocket-channel-i chrome extension without the "tabs" privilege.
JavaScript
2
star
75

ariel

Ariel is a real time collaborative code editor
JavaScript
2
star
76

gothok

A Game of Thrones: Hand of the King
Python
2
star
77

kuvera-unofficial-api-specification

Unofficial Specification for the Kuvera read APIs
HTML
2
star
78

akira-backend

Akira backend written using Limonade
PHP
2
star
79

hoshruba

Script to build EPUB/MOBI/PDF versions of "Hoshruba: The Land and the Tilism" book
CSS
1
star
80

msgboy

Msgboy pushes your web to your browser!
JavaScript
1
star
81

talks

Some Talks...
HTML
1
star
82

find-my-constituency

Python
1
star
83

terraform-docker-kayak

HCL
1
star
84

terraform-http-setcronjob-whitelist

Terraform Module that returns the latest SetCronJob IP Whitelist: https://support.setcronjob.com/hc/en-us/articles/219802207-SetCronJob-IP-addresses-list
HCL
1
star
85

tld-a-record

CSS
1
star
86

opengram

Elixir
1
star
87

dorycms

Little, simple, and made for developers who want their designs to be quickly integrated into the website.
JavaScript
1
star
88

google-swe-ebook

Google SWE EBook Generator (PDF/EPUB)
Python
1
star
89

cneditor

PHP
1
star
90

projecteuler.net

My solutions of Project Euler problems
C++
1
star
91

electron-fingerprints

Generates fingerprints for electron version detection by downloading electron releases and generating checksums of the files contained in each release.
PHP
1
star
92

thesetup

Analysis of hardware/software used by people featured on The Setup (usesthis.com)
Shell
1
star
93

asmodee-owns-it

List of boardgames showing Asmodee's dominance in the boardgame industry
PHP
1
star
94

captn3m0

GitHub Profile page
1
star
95

frakjs

JavaScript
1
star
96

js-guard

Source code for the JS-Guard extension by CDAC.
JavaScript
1
star
97

hacker

Hacker was a text-based game I wrote long time ago in my 8th grade. Compiles only in Turbo C++
1
star
98

chrome-pin-keyboard-shortcut

Creates a keyboard shortcut (Ctrl+Shift+A) to toggle the pinned state of the current tab.
JavaScript
1
star
99

okiya

JavaScript
1
star
100

playtube

Music player that runs on top of youtube for my raspberry pi
Python
1
star