188.114.97.7:443 is not responding ru Russia connections

I’ve been struggling with the issue of my site behind CF is not accessible from Russia region for 188.114.97.7 ip address.

:

But if the domain receives 104.21.8.79 ip address it gets available:

image

What is the root cause of this ?
Thanks

Given that there’s been another post about accessibility from Russia (Timeout https connections in Russia), it sounds like there might either be an issue with a particular ISP or something on a wider-scale.

Have you contacted your ISP? (or if the first screenshot isn’t yourself, have they?)

No, this is not ISP specific, I’ve just found that this IP address is blocked by Roskomnadzor and is not accesible from any Russian ISP :frowning:

Whether it is possible to configure CF DNS to not use 188.114.96.0/20 range of ip address for my site ?

Whether it is possible to configure CF DNS to not use 188.114.96.0/20 range of ip address for my site ?

Typically, no - there’s a write-up on it below.

Of course, Cloudflare might take action for impacted customers but that’s not my position to say they will or won’t.

@KianNH thanks for the reply, where could I ask CF to not use these IP range for my site?

Port 443 is blocked for 188.114.96.2, 188.114.97.2, 188.114.96.7, 188.114.97.7 addresses on RU TSPU (ТСПУ) hardware — a government-made censorship black box installed on many, but not all residential ISP networks.

More information and technical discussion (in RU):

Report the issue to Roscomnadzor

Напишите о проблеме в Роскомнадзор. Подайте обращение у них на сайте https://⁨eais.rkn.gov.ru/feedbackForm/⁩
Информация об ограничении доступа → Узнать причину ограничения доступа - заполните форму .

Второй вариант: ⁨https://rkn.gov.ru/treatments/ask-question/
Сайты в сети Интернет → Разблокировка интернет-ресурсов → Сформировать обращение в Роскомнадзор в порядке Федерального закона.

Use another DNS resolver

The blocked IP addresses are used for many domains are a part of geobalanced IP set. Most often this set is served over Google DNS 8.8.8.8/8.8.4.4 (regardless of EDNS Client Subnet).

Switching to Cloudflare’s 1.1.1.1 resolver may help, or at least will decrease the probability to hit these addresses.

Add another non-blocked IP address for domain to hosts file

Cloudflare’s balancer allows to use almost any IP address for any hosted domain. Thus, it’s possible to use any non-blocked IP address of Cloudflare to access the website.
Add something like this to the hosts file:

104.16.132.0 something.com

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.