User comments on ISPs
  >> Vodafone


Register (or login) on our website and you will not see this ad.


  Print Thread
Standard User MarcuT
(newbie) Fri 26-May-17 13:16:52
Print Post

Vodafone blocks sites with user submitted content


[link to this post]
 
I noticed this week that most images on Reddit (UK's #5 website according to Alexa!), and comments sections on many websites stopped loading, but only on Vodafone broadband. On the Vodafone forum, people have been reporting this intermittently for several years! I wish I had known before switching to them.

The reason the sites are not loading appears to be Vodafone's poor implementation of the Internet Watch Foundation web filter. UK ISPs are normally required to block or monitor access to specific URLs someone has flagged up to IWF. Any changes users try in Vodafone's Content Control interface have no effect on this.

When you access https://disqus.com or https://imgur.com for example, the OS finds the site's IP address from the modem and Vodafone's DNS servers. In this case, Vodafone's servers don't return the actual IP of disqus.com anymore, but rather their own IP 90.255.255.1. The browser then connects to that IP, requests the URL asked for, and presto, Vodafone has hijacked your connection and fulfilled their IWF duty. The only trouble is that Vodafone customers opening HTTPS links get an ugly error message instead and can't open anything on the site at all.

Your connection is not private

Attackers might be trying to steal your information from disqus.com (for example, passwords, messages, or credit cards). NET::ERR_CERT_COMMON_NAME_INVALID

This server could not prove that it is disqus.com; its security certificate is from contentcontrol.vodafone.co.uk. This may be caused by a misconfiguration or an attacker intercepting your connection.


Thanks to web certificates, the browser stops this intercept attempt. Vodafone's support suggests to ignore the message and reduce the browser's security, but that's not possible in all browsers. My daily browsing of Reddit nonsense through their mobile app forces imgur.com content over https, so all the images from there are blank. There goes part of the entertainment of a home broadband.

Further, if the error is ignored, the site seems to work, but the response headers contain this:
Via: 1.0 iwffilter.broadband.vodafone.co.uk (squid)


With the internet moving more and more to HTTPS, in many cases redirecting any HTTP access to HTTPS, this is going to become a major issue in the future. What can we do?
Standard User MarcuT
(newbie) Sat 03-Jun-17 01:04:41
Print Post

Re: Vodafone blocks sites with user submitted content


[re: MarcuT] [link to this post]
 
A week later:
Sites with the comments section from Disqus.com are loading again.
Imgur.com site HTML over HTTPS loads now as well, but images do not load. They're hosted at i.imgur.com, which is still on the list of domains to hijack.

Glad to see things are improving, and I do hope it's because someone actively addressed the issue. I only wish support would acknowledge that the problem is on Vodafone's end, and not force people through the usual broadband troubleshooting act.
Standard User arendall667
(regular) Sat 03-Jun-17 06:28:50
Print Post

Re: Vodafone blocks sites with user submitted content


[re: MarcuT] [link to this post]
 
Have you tried changing the DNS servers at PC level? I'm on Demon (now owned by Vodafone) and if you use Demon DNS servers you get random errors from the IWF filter about trying to use this website as a Proxy. Changing the PC DNS servers to Google or Open DNS made these go away.

Anthony


Register (or login) on our website and you will not see this ad.

Standard User mbames
(member) Sat 03-Jun-17 15:10:03
Print Post

Re: Vodafone blocks sites with user submitted content


[re: arendall667] [link to this post]
 
Either try using googles DNS servers, or if you know that i.imgur.com is blocked, then add an entry to your local hosts file:

c:\windows\System32\drivers\etc\hosts

in the form of:

151.101.16.193 i.imgur.com


obviously not an ideal solution, but a temporary workaround at least.

Sky Fibre (40/10), Draytek 130, DrayTek 2925, DrayTek AP-700
(Gone but not forgotten: 2820n x 2, 2800vg, 2800, HG612)

Speedtests:
ThinkBB - Mini | ThinkBB - Full | Speedtest.net
Standard User MarcuT
(newbie) Sat 03-Jun-17 21:37:49
Print Post

Re: Vodafone blocks sites with user submitted content


[re: mbames] [link to this post]
 
Yes! Both of those workarounds work. I could probably change the DNS server IP on the modem instead, but I don't want to mess with it too much since people everywhere are saying that Vodafone's HHG2500 is an unreliable one. It's a bit of a pain to set IPs everywhere, especially on Android where it seems to want the device IP static before letting me change DNS addresses.

It's worrying that Vodafone have let people complain about the intermittent domain blocks since 2015, and only admitted in February 2017 that their Content Controls are at fault. Support still haven't got the news of course... It's like when Wikipedia got blocked almost 10 years ago, there's been no progress.
Standard User MarcuT
(newbie) Wed 07-Jun-17 18:47:37
Print Post

Re: Vodafone blocks sites with user submitted content


[re: MarcuT] [link to this post]
 
Like a satnav that refuses to take you to Blackpool, Vodafone's DNS is once again blocking all of imgur.com, www, and i. Why does it keep changing? The Time to Live of the responses is always 5 minutes, so it shouldn't be about unexpected caching. It doesn't really bother my personal broadband experience since I don't use the provided satnav anymore, but the risk of things suddenly breaking with nobody batting an eye is a huge concern.
Administrator MrSaffron
(staff) Wed 07-Jun-17 18:59:03
Print Post

Re: Vodafone blocks sites with user submitted content


[re: MarcuT] [link to this post]
 
Usual issue is the proxy that handles the blocking is overwhelmed by the amount of work checking to make sure a specific URL is not on the block list, i.e. so its not a block per-se of a site usually, but a side effect of what happens when a popular site ends up going through the URL inspection process.

The author of the above post is a thinkbroadband staff member. It may not constitute an official statement on behalf of thinkbroadband.
  Print Thread

Jump to