All of my Cloudflare registered domains don't work with iPhone over WiFi (specific ISP maybe)


#1

Hi Everybody,

I have a strange problem: my websites under Cloudflare work okay most of the time, but in the iPhone browser I don’t get a response over WiFi!

And we have an application for the website which works okay with all ISPs and Androids but doesn’t work with some ISPs and iPhones!!!

So it’s an iPhone-only problem with some ISPs. What on earth could be the reason?
Because all the websites under Cloudflare have the same problem.

Bests
Amir


#2

Iran? -> https://community.cloudflare.com/search?q=iran


#3

Yes, Iran!
Exactly the same problem as “Problem in load site in IOS device”


#4

Would buying a dedicated certificate solve this problem?


#5

While theoretically possible, I think it would be unlikely.

The only scenario in which a dedicated certificate could help is if Iran’s government wants to make sure that the CN of the certificate matches the domain you send over SNI, and I don’t have a reasonable idea why they would care. Most likely they want some site down, and that site happens to share the same Cloudflare IP as your site. So they block the other site… and other innocent sites get blocked at the same time.

There was a similar issue some months ago where some government wanted to take Telegram down. They ended up breaking many websites while doing so, but the funny thing is that Telegram itself remained up in that country 🙂

Switching to a dedicated certificate, I think (I don’t know, because I’ve not tried), won’t move you to another Cloudflare IP. And if your IP is being blocked by the Iranian government, then it won’t help. Especially if the TCP connection to the server never opens (a prerequisite for the server to be able to send you either a Universal or Dedicated Certificate)… Another domain on Cloudflare might (I have a few domains, and each one of the domains got a different set of IPs) - but that is probably not feasible, if only because of the “little” problem that you need your users to somehow know about the other domain.

Though it is kinda strange that on the same WiFi Android will work and iPhone will not. Perhaps different protocols? For example, maybe iPhone still uses TLS 1.2 and your Android already tries TLS 1.3? You could try to disable TLS 1.3 under “Crypto” and set “Minimum TLS version” to 1.2, to force all clients to the same TLS version. See if that makes a difference…
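
Added example, not part of the posts above: a Python script for the check reply #5 reasons about, meant to be run from the affected WiFi network. It reports whether a connection fails at DNS, at TCP or in the TLS handshake, and whether the result differs between TLS 1.2 and TLS 1.3; the function names, the result labels and `example.com` are assumptions made for illustration.

```python
import socket
import ssl

VERSIONS = {"TLS1.2": ssl.TLSVersion.TLSv1_2, "TLS1.3": ssl.TLSVersion.TLSv1_3}

def probe(host, port=443, tls_version=None, timeout=5.0):
    """Return (stage, detail); stage is 'dns', 'tcp', 'tls' or 'ok'."""
    try:
        addr = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)[0][4]
    except socket.gaierror as exc:
        return "dns", str(exc)
    try:
        raw = socket.create_connection(addr[:2], timeout=timeout)
    except OSError as exc:
        # No TCP connection means no certificate is ever sent by the server
        return "tcp", f"{addr[0]}: {exc}"
    ctx = ssl.create_default_context()  # verifies the chain and the hostname
    if tls_version is not None:  # pin the handshake to one protocol version
        ctx.minimum_version = ctx.maximum_version = tls_version
    try:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:  # host is sent as SNI
            return "ok", f"{addr[0]} negotiated {tls.version()}"
    except OSError as exc:  # ssl.SSLError, resets and timeouts are all OSError
        return "tls", f"{addr[0]}: {exc}"

def probe_versions(host, port=443, timeout=5.0):
    """Run one probe per TLS version so the two can be compared."""
    return {name: probe(host, port, ver, timeout) for name, ver in VERSIONS.items()}

def diagnose(results):
    """Summarise probe_versions() output as one hypothetical label."""
    stages = {name: stage for name, (stage, _) in results.items()}
    if all(s == "ok" for s in stages.values()):
        return "reachable"
    if any(s in ("dns", "tcp") for s in stages.values()):
        return "fails-before-tls"  # certificate type and TLS version cannot matter
    working = [n for n, s in stages.items() if s == "ok"]
    if working:
        return "version-dependent: only " + ", ".join(working) + " works"
    return "tls-fails-all-versions"

if __name__ == "__main__":
    import sys
    host = sys.argv[1] if len(sys.argv) > 1 else "example.com"  # placeholder host
    res = probe_versions(host)
    for name, (stage, detail) in res.items():
        print(f"{name}: {stage} ({detail})")
    print(diagnose(res))
```

Running it once on the affected WiFi and once on a working network gives two results to compare for the same hostname.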