[ISSUE-#01/PUBLIC(INDIA-ONLY)]Problem with CloudFlare CDN/Reverse proxy peering

Tweet

Many of CloudFlare DNS users might have seen a message on your site like this:

The website has been blocked as per order of Ministry of Electronics and Information Technology under IT Act, 2000.

This problem does not refer to any censorship related to Ministry of Electronics and Information Technology and IT Act,2000 in India. For the last few years, we have seen an increase in the cases where websites are blocked with reason The site has been blocked under IT Act,2000 but thats not the case.

Various sites hosted on our network have encountered this issue using CloudFlare and have been blocked in India due to CloudFlare upstream provider Airtel which has a misconfigured network. The current Network Flow looks like this:

Visitor --> Service Provider(ISP) --> CloudFlare --> Upstream(Airtel) --> CloudMate Network

If any domain is using "Flexible SSL" OR "No SSL" on CloudFlare SSL Settings, the connection between CloudFlare and CloudMate Network/Server isn't encrypted and Airtel blocks those unsecure HTTP connections. As CloudFlare terminates the TLS connection at their end and uses its own SNI SSL, the browsers show websites as "Secure" with a padlock but practically, it isn't because traffic is only getting encrypted between CloudFlare and the Visitor and other upstream providers can see the unencrypted connection.

SOLUTIONS AND WORKAROUNDS

If your website is also blocked, here are the solutions you can try:

1. Click on the DNS record for the website which is loading. You can see a orange cloud icon(referring to enabled proxied network status), click on that button to disable the proxied network and set the website to "DNS only". In this case, the CloudFlare CDN will be removed from the site and CloudFlare will only function as a DNS hosting. (Your IP address of the record will be exposed)
2. Go to CloudFlare SSL/TLS Settings and change it to "Full" OR "Full(Strict)". In that case, all traffic will be encrypted and your site will be accessible.
3. Switch from CloudFlare to other DNS providers. This would remove your CloudFlare CDN and all its implications on your website.

Performing these Solutions/Workarounds will make your live again in India. The currently affected sites and network are as follows:

1. Some CloudMate Shared Hosting/VPS/Dedicated servers in region [Roubaix(France)],[Frankfurt(Germany)],[Falkenstein(Germany)]
2. srijanshetty.in : Report on https://twitter.com/srijanshetty/status/1468523289467179008
3. nodered.org : Report on https://community.cloudflare.com/t/website-blocked-for-some-users-in-india/300620
4. noflojs.org : Report on https://github.com/noflo/noflo/issues/863
5. coreui.io : Report on https://github.com/coreui/coreui-website/issues/19
5. thephpleague.com : Report on https://github.com/thephpleague/thephpleague.github.io/issues/102
6. Some Github Pages servers
7. buyday.in : Report on https://stackoverflow.com/a/70426860

CloudMate respects your privacy and rights. To remove your references/links, please contact support@cloudmate.in

References:

1. Airtel Said to Be 'Sniffing and Censoring' CloudFlare's Traffic
2. Twitter Thread
3. Report says Airtel spying on millions of Indian web users
4. CloudFlare probes mystery interception of site traffic across India

*This announcement is made by Ankesh Anand on CloudMate Hosting Services at 09/01/2022 7:53AM IST for: Fixing CloudFlare's misconfigured network upstream