[tor-bugs] #25804 [Obfuscation/Snowflake]: Domain fronting to App Engine stopped working
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sun Apr 15 05:04:56 UTC 2018
#25804: Domain fronting to App Engine stopped working
---------------------------------------+--------------------
Reporter: dcf | Owner: (none)
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Obfuscation/Snowflake | Version:
Severity: Normal | Keywords:
Actual Points: | Parent ID:
Points: | Reviewer:
Sponsor: |
---------------------------------------+--------------------
On or about 2018-03-13 16:00:00 UTC, domain-fronted requests for
snowflake-reg.appspot.com stopped working. It appears to affect fronting
to all appspot.com domains, not only ours. This leaves all currently
deployed clients unable to register themselves.
Requests now fail with status code 502:
{{{
$ wget -q -O - --content-on-error -S https://www.google.com/ --header
'Host: snowflake-reg.appspot.com'
HTTP/1.1 502 Bad Gateway
Date: Sun, 15 Apr 2018 04:58:49 GMT
Content-Type: text/html
Server: HTTP server (unknown)
Content-Length: 209
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Alt-Svc: hq=":443"; ma=2592000; quic=51303432; quic=51303431;
quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="42,41,39,35"
<html><body><h1>502 Bad Gateway</h1>\
<p>This HTTP request has a Host header that is not covered \
by the TLS certificate used. Due to an infrastructure change, \
this request cannot be processed.</p></body></html>
}}}
This ticket is to document the issue; I'm not sure we can do anything
about it directly.
Other related tickets:
* #22782, use non-Google domain fronts
* #25594, use non-fronting-based registration
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/25804>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list