On Thu, Jan 8, 2015 at 3:47 PM, Aleksejs Popovs <popoffka@gmail.com> wrote:
To conclude, this is a real case of a non gambling-related page being blocked, although almost definitely by accident. I will notify Lattelecom about this.
Cloudflare-hosted sites are included as Subject Alternative Names in the certificate they share between hosted sites. I wonder if the intermediary parses the cert to match against the blacklisted domains, and terminates any connection that lists the name. That identifier also provides you a list of all of the sites that are overblocked as a result in your work, e.g. openssl s_client -connect lucky31.com:443 2>&1 | openssl x509 -text X509v3 Subject Alternative Name: DNS:ssl3055.cloudflare.com, DNS:myriotravelguide.com, DNS:*. americandreamhomeimprovement.com, DNS:*.thermosystemsinc.info, DNS:*. evasi0ndownload.com, DNS:*.fraglive.cl, DNS:thealtitudecompany.com, DNS: cmonsite.fr, DNS:*.weekcal.com, DNS:cu2nite.com.au, DNS:*. genesisenergyinternational.net, DNS:*.lucky31.com, DNS:*.starspayment.com, DNS:starspayment.com, DNS:*.loppis.me, DNS:loppis.me, DNS: unitedcostumes.com.au, DNS:2ch.hk, DNS:thermosystemsinc.info, DNS:*. bunadformenn.info, DNS:weekcal.com, DNS:starfishmedia.com, DNS: mycareers360.com, DNS:*.casinoextra.com, DNS:peakfit.com.gt, DNS: productworld.com, DNS:*.unitedcostumes.com.au, DNS:*.habbo.as, DNS: genesisenergyinternational.net, DNS:lucky31.com, DNS:*. thealtitudecompany.com, DNS:*.timesulin.com, DNS:evasi0ndownload.com, DNS: fraglive.cl, DNS:*.2ch.hk, DNS:*.productworld.com, DNS:casinoextra.com, DNS: americandreamhomeimprovement.com, DNS:timesulin.com, DNS:*.peakfit.com.gt, DNS:*.myriotravelguide.com, DNS:bunadformenn.info, DNS:habbo.as, DNS:*. cmonsite.fr, DNS:*.starfishmedia.com, DNS:*.mycareers360.com, DNS:*. cu2nite.com.au If it is certificate parsing, that might make for an interesting test and test helper. Neat find. -- *Collin David Anderson* averysmallbird.com | @cda | Washington, D.C.