#25804: Domain fronting to App Engine stopped working
-----------------------------------+------------------------
 Reporter:  dcf                    |          Owner:  (none)
     Type:  defect                 |         Status:  new
 Priority:  Medium                 |      Milestone:
Component:  Obfuscation/Snowflake  |        Version:
 Severity:  Normal                 |     Resolution:
 Keywords:                         |  Actual Points:
Parent ID:                         |         Points:
 Reviewer:                         |        Sponsor:
-----------------------------------+------------------------
Changes (by mcs):

 * cc: brade, mcs (added)

Old description:

> On or about 2018-03-13 16:00:00 UTC, domain-fronted requests for
> snowflake-reg.appspot.com stopped working. It appears to affect fronting
> to all appspot.com domains, not only ours. This leaves all currently
> deployed clients unable to register themselves.
>
> Requests now fail with status code 502:
> {{{
> $ wget -q -O - --content-on-error -S https://www.google.com/ --header
> 'Host: snowflake-reg.appspot.com'
>   HTTP/1.1 502 Bad Gateway
>   Date: Sun, 15 Apr 2018 04:58:49 GMT
>   Content-Type: text/html
>   Server: HTTP server (unknown)
>   Content-Length: 209
>   X-XSS-Protection: 1; mode=block
>   X-Frame-Options: SAMEORIGIN
>   Alt-Svc: hq=":443"; ma=2592000; quic=51303432; quic=51303431;
> quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="42,41,39,35"
> <html><body><h1>502 Bad Gateway</h1>\
> <p>This HTTP request has a Host header that is not covered \
> by the TLS certificate used. Due to an infrastructure change, \
> this request cannot be processed.</p></body></html>
> }}}
>
> This ticket is to document the issue; I'm not sure we can do anything
> about it directly.
>
> Other related tickets:
>  * #22782, use non-Google domain fronts
>  * #25594, use non-fronting-based registration

New description:

 On or about 2018-04-13 16:00:00 UTC, domain-fronted requests for
 snowflake-reg.appspot.com stopped working. It appears to affect fronting
 to all appspot.com domains, not only ours. This leaves all currently
 deployed clients unable to register themselves.

 Requests now fail with status code 502:
 {{{
 $ wget -q -O - --content-on-error -S https://www.google.com/ --header 'Host: snowflake-reg.appspot.com'
   HTTP/1.1 502 Bad Gateway
   Date: Sun, 15 Apr 2018 04:58:49 GMT
   Content-Type: text/html
   Server: HTTP server (unknown)
   Content-Length: 209
   X-XSS-Protection: 1; mode=block
   X-Frame-Options: SAMEORIGIN
   Alt-Svc: hq=":443"; ma=2592000; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="42,41,39,35"
 <html><body><h1>502 Bad Gateway</h1>\
 <p>This HTTP request has a Host header that is not covered \
 by the TLS certificate used. Due to an infrastructure change, \
 this request cannot be processed.</p></body></html>
 }}}

 This ticket is to document the issue; I'm not sure we can do anything
 about it directly.

 Other related tickets:
  * #22782, use non-Google domain fronts
  * #25594, use non-fronting-based registration

--

Comment:

 I corrected the month in the ticket description (April instead of March).

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/25804#comment:10>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs