Website blocked for some users in India

DNS & Network 1.1.1.1
#1

We manage the DNS for https://nodered.org through Cloudflare, including the subdomain https://catalogue.nodered.org/

As of a couple weeks ago, we’ve started getting reports from some users in India that those sites are being blocked.

For one user, their browser is redirected to 182.79.218.34:8080 - which is, as far as I can tell, an IP associated with an ISP in India.

We’re not sure how to debug this further - or to nail down where the issue is exactly. Does anyone have any advise or experience in issues like this?

#2

Hey,

The best option to do is contact BHARTI Airtel Ltd. which the IP links back too.
It happens occasionally with Comcast in the US blocking sites for security reasons :slight_smile:

Hope this helps

#3

It sounds like this issue might be similar to the one mentioned in this post where Cloudflare’s IPs were being blocked because another domain using Cloudflare contained “illegal” content.

#4

If that is the case there’s nothing you can really do except for changing plans which I think will result in your site being assigned different Cloudflare IPs. Though someone will have to confirm that :slightly_smiling_face:

#5

Having dealt previously with this (Website blocked for some users in India, https://forum.internetfreedom.in/t/website-blocking-report-and-wynk-ads-shantanugoel-com/2318), there is one simple fix that works: Please enable Flull SSL on your CloudFlare configuration.

The connection from CloudFlare → Upstream is configured over HTTP (instead of HTTPS) and CloudFlare’s ISP (Airtel in this scenario) is the one actually doing the block, so to the user it appears with a green padlock.

If you switch from HTTP to HTTPS on the origin connection, this gets fixed because Airtel can’t MITM TLS without CloudFlare noticing. You’ll need to enable HTTPS on the GitHub end, but that is also fairly straightforward: Securing your GitHub Pages site with HTTPS - GitHub Docs

#6

@nemo thanks for the reply. Good to know this wasn’t just us.

I’ve made the configuration changes you’ve suggested - lets see if it improves matters.