On Thu, Jan 8, 2015 at 3:47 PM, Aleksejs Popovs <popoffka@gmail.com> wrote:
> To conclude, this is a real case of a non gambling-related page being
> blocked, although almost definitely by accident. I will notify
> Lattelecom about this.

Cloudflare-hosted sites are included as Subject Alternative Names in the certificate they share between hosted sites. I wonder if the intermediary parses the cert to match against the blacklisted domains, and terminates any connection that lists the name. That identifier also provides you a list of all of the sites that are overblocked as a result in your work, e.g.

    openssl s_client -connect lucky31.com:443 2>&1 | openssl x509 -text

    X509v3 Subject Alternative Name:

If it is certificate parsing, that might make for an interesting test and test helper. Neat find.

--
Collin David Anderson
averysmallbird.com | @cda | Washington, D.C.
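
Added example, not part of the original message or of any project's code: a sketch of the test helper the reply suggests. It parses the Subject Alternative Name section of `openssl x509 -text` output and lists which co-listed names would be dropped alongside a blocklisted one. The sample certificate text, all `.example` names and the matching rule in `listed_under` are assumptions, since the thread does not establish how the intermediary matches names.

```python
# Constructed sample of `openssl x509 -text` output; every name is a placeholder.
SAMPLE_X509_TEXT = """\
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Subject Alternative Name: 
                DNS:shared-cert.cdn.example, DNS:casino.example, DNS:*.casino.example, DNS:knitting-blog.example, DNS:*.knitting-blog.example
            X509v3 Basic Constraints: critical
                CA:FALSE
"""


def san_dns_names(x509_text):
    """Return the DNS entries of the Subject Alternative Name extension."""
    lines = x509_text.splitlines()
    for i, line in enumerate(lines[:-1]):
        if "X509v3 Subject Alternative Name" in line:
            # openssl prints the extension value on the line after its header.
            entries = (e.strip() for e in lines[i + 1].split(","))
            return [e[4:].lower().rstrip(".") for e in entries if e.startswith("DNS:")]
    return []


def listed_under(san, domain):
    """Assumed matching rule: the SAN is the domain, a subdomain, or a wildcard of it."""
    name = san[2:] if san.startswith("*.") else san
    domain = domain.lower().rstrip(".")
    return name == domain or name.endswith("." + domain)


def overblock_report(x509_text, blocklist):
    """Return (triggers, collateral) for a filter that drops on any blocklisted SAN."""
    names = san_dns_names(x509_text)
    triggers = [n for n in names if any(listed_under(n, d) for d in blocklist)]
    if not triggers:
        return [], []  # nothing listed, so the certificate would not be dropped
    return triggers, [n for n in names if n not in triggers]


if __name__ == "__main__":
    triggers, collateral = overblock_report(SAMPLE_X509_TEXT, ["casino.example"])
    print("blocklisted names in cert:", triggers)
    print("co-listed names blocked with them:", collateral)
```

To use it on a live certificate, pass the text produced by the openssl pipeline quoted in the message instead of the constructed sample.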