New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
docs.python.org is prone to political blocking in Russia #66420
Comments
I could not access http://docs.python.org/ from work today. Upon investigation, it appears that the ISP has blocked all sites on the IP address 185.31.17.175, because of the court order unrelated to docs.python.org. Many other ISPs in Russia also don't know any methods of site blocking except by IP address. Even if the bad site removes the offending materials, the situation is doomed to repeat itself in the future. To avoid this, please obtain an IPv4 or IPv6 address for docs.python.org that is not shared with any site not controlled by PSF. |
Dmitry Chestnykh has pointed me to https://antizapret.info/site.php?id=5903 |
Just a FYI, I've let Fastly know about this. |
Not much more we can do from here. |
It looks like the IP address is being used by some viruses/trojans: https://www.virustotal.com/en/ip-address/185.31.17.175/information/ It may help using e.g. b.global-ssl.fastly.net as CNAME for docs.python.org (e.g. by adding it to the /etc/hosts). |
The site is now accessible. But this case is going to repeat itself. |
We know, but this will happen to any sites that have content hosted by a CDN such as Fastly. In this specific case, you can download the docs or build them yourself for offline usage. Our Mercurial server hg.python.org is (obviously :) not hosted on a CDN, so this scenario can't happen there. |
See also bpo-21072. |
On 20.08.2014 09:28, Georg Brandl wrote:
I think we should have additional fallback domains setup This would also help with some other issues such as Fastly |
I'm not sure it's worth it tbh. It's certainly going to be error prone to store
Right, it's basically that there is no cache invalidation as far as I know. |
I've heard back from Fastly! Specific to this particular incident, they've identified a few places where their own internal procedures fell short and they've rectified them. Specifically:
In the long term they are evaluating their own policies for how they host customer sites which allow user uploaded content (since those types of sites are the most likely to have these kinds of issues) and determining if it makes sense for them to require dedicated IP addresses for those customers. For now I think Fastly has sufficiently handled the issue to not require some sort of backup system to need to be put in place. They are going to let me know how they are going to handle it long term and what, if any changes, we can make in our use of their service to help isolate from those kinds of issues. |
Very nice, thanks for the update. |
On 20.08.2014 19:14, Donald Stufft wrote:
Sounds good. |
I just heard back from Fastly again. They are going to donate a dedicated IP I believe the sticker cost of this is $1500/month (Normally this is used for |
Just to close the gap on this, most of the PSF web properties that go through Fastly have been switched over to a set of IP addresses that are dedicated to the PSF. So if someone does an IP ban they are blocking us. I just made the switch in DNS so it'll take hold as that propagates. |
Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.
Show more details
GitHub fields:
bugs.python.org fields:
The text was updated successfully, but these errors were encountered: