- This behavior only works when the reverse proxy or CDN is configured like this:
Proxy/CDN: HTTPS (443) → Origin server: plain HTTP (80)
(example: Cloudflare in Flexible mode)
If the origin server uses any proper TLS configuration, even a self-signed certificate, this method stops working. It only succeeds when the upstream connection to the origin is unsecured.
If you want to test this on a random site without Cloudflare or reverse proxy in general on HTTP:
curl http://www.digiboy.ir/boobs.jpg -v
- How's this work with https like in the example? The hops along the way shouldn't see the path.
Is this implying that all TLS is terminated at the Iran border and proxied from there? And all Iranian sites are required to host via http? That has significantly more implications than what this post is about.
Maybe certificate authorities aren't allowed to issue private certs to Iranian organizations? Even LetsEncrypt?
- I'm wondering for what purpose one would be interested in finding out if a site is hosted in Iran or not.
by KiranRao0
4 subcomments
- Does anyone have sample sites that return this?
by pavel_lishin
0 subcomment
- A long time ago, my friends and I found a "scary"-looking image, written in a mixture of English and Arabic, warning the viewer that they'd come afoul of ... I forget, some Iranian government department of censorship?
Naturally, we made it so that 1% of the requests to a forum we ran at the time displayed it to the viewer. :)
by vivzkestrel
1 subcomments
- I am probably a little dumb, i read the article but dont understand what happened. can some HNer kindly explain?
- So presumably Iran has a reverse proxy in front of the entire internet for HTTP?
I really want to know what's on the webpage for the iframe.
- Is there a Scunthorpe problem looming there? Birdwatchers might seek out information about boobies - are they treated like boobs.jpg is?
- So does this mean 10.x.x.x is publicly routable inside iran? Why wouldn't the Iranian government just use its own ip space for the censorship message?
by JumpCrisscross
0 subcomment
- I wonder if this could be broadened to a list of Wikipedia links to humanitarian content folks in repressed regimes are or might get blocked from. Tiananmen Square [1]. Wen Jiabao's staggering corruption [2]. Epstein's e-mails [3]. Et cetera.
Like Netflix launching Fast.com, this would directly weaponise these regimes' censoring tendencies against themselves.
[1] https://en.wikipedia.org/wiki/1989_Tiananmen_Square_protests...
[2] https://www.nytimes.com/2012/10/26/business/global/family-of...
[3] https://jmail.world
by cluckindan
3 subcomments
- Wow. The screenshot had the IP address exactly where I placed my finger to scroll, and iOS Safari briefly opened a popup window where it started connecting to that IP.
Fuck this shit, I’m moving to a hovel in the woods.
by ThePowerOfFuet
3 subcomments
- https://xcancel.com/hkashfi/status/1995109785679573167
by lovegrenoble
0 subcomment
- Why not?
- I saw “boobs” so I ran.
-Iran
Hacker News