Change mtu size

Hi. is it possible to change mtu size (ipv4) in cloudflare ?

MTU should be 1500 within the Cloudflare network. Which is almost standard. Even if they changed it, it wouldn’t have any effect on your connection.

What’s the reason for your question?

Thanks for answer.
We have some troubles with some internet providers. They block some of our sites, and as we know, they use some DPI(deep packet inspection) hardware,
We want decrease MTU to force fragmentate our response headers,
if MTU will enough small, all headers will be fragmented.
which can be help us bypass blocking.(i hope :slight_smile: )

What would they inspect, considering you hopefully have a proper TLS connection in place?

as i know they(providers) inspect SNI header for matching hostname , which need to block

SNI is something sent by the browser, so you’d need to control the visitor’s MTU.

Furthermore, even with a lower MTU there is no guarantee the packet containing the SNI would be fragmented (unless you set it two 2 or 3 :)), so in most cases the ISP would still be able to scan individual packets for your host name.

Last but not least, there is no real mainstream support for it but Cloudflare already supports ESNI, so once browsers have adopted it, that attack vector should disappear.

Last last :), the most common filtering technique is DNS poisoning.

Thanks for reply Sandro,
i think i understand :slight_smile:
Is there any way to bypass blocking, when providers block my domain?

The first step should be to determine which approach is used to block your site.

I will research again and write here, thank you

Just to note - eTLS eSNI should protect against blocking specific websites. It’s already a thing in Firefox and Chrome is working on it. At that point, ISPs and Governments will have to either take entire CDNs offline (like Cloudflare or Cloudfront) or go through due process of taking down a domain via the hosting provider.

Sorry, but ETLS is broken by design.

1 Like

Oh my - I completely botched that! I meant eSNI (encrypted SNI).

1 Like

Apology accepted :sweat_smile:

1 Like

It’s not. And depending on the reason/nature of the block of your website/service attempting to circumvent the block may be viewed as a violation of our terms of service by our Trust & Safety team.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.