How to get around Reliance Jio GigaFiber blocking of websites?

Logik

Member
[OP]
Jul 12, 2019
5
3
Alright Folks,

I beleive I have figured out how JIO is blocking sites (on 4G GSM and Fiber). I have read some random comments here as to how JIO is using something strong to block stuff (and not just DNS etc).

I am using linux as OS. It really can do wonders for you. I have tested this across both 4G and Gigafiber. There is tool called CURL and I am using same. (cURL - Wikipedia). You can run it via command line to send or receive data from webserver using various protocols like http, https, ftp etc.


Code:
On 4G network
[vagrant@mgmt ~]$ curl https://ipinfo.io/ip
49.33.169.xx

[vagrant@mgmt ~]$ curl http://web.telegram.org
<meta name="viewport" content="width=device-width,initial-scale=1.0,maximum-scale=1.0"/><style>body{margin:0px;padding:0px;}iframe{width:100%;height:100%}</style><iframe src="http://49.44.18.34:8080/webadmin/deny/index.php?dpid=1&dpruleid=3&cat=107&dplanguage=-&url=http%3a%2f%2fweb%2etelegram%2eorg%2f" width="100%" height="100%" frameborder=0></iframe>[vagrant@mgmt ~]$

On FTTH (Fiber broadband)
[vagrant@mgmt ~]$ curl https://ipinfo.io/ip
49.36.1.xxx

[vagrant@mgmt ~]$ curl http://web.telegram.org
<meta name="viewport" content="width=device-width,initial-scale=1.0,maximum-scale=1.0"/><style>body{margin:0px;padding:0px;}iframe{width:100%;height:100%}</style><iframe src="http://49.44.18.34:8080/webadmin/deny/index.php?dpid=1&dpruleid=3&cat=107&dplanguage=-&url=http%3a%2f%2fweb%2etelegram%2eorg%2f" width="100%" height="100%" frameborder=0></iframe>[vagrant@mgmt ~]$
As you can see - I am accessing http://web.telegram.org which is clearly blocked by JIO. Please try it and see for yourself.

Here is my guess how blocking is working. I am giving high overview of proces. This is all Imagination.

Look at URL in response reveived by curl -
IP 49.44.18.34 belongs to JIO only (go to any ip geolocation website and confirm)

They are kind of running a Linux server with squid installed on it. SQUID is popular webproxy and is highly effective in blocking websites. One can create a text based file with list of URLs to block. (just google how to use squid proxy to block sites)

All enduser packets are routed via this server and the effective block happens.

This is just simplified example with one squid server and one end users.

Obvioulsy, there are multiple cluster for such servers running multiple JIO datacenters that are handling all the blocking for different end users. The files used to block websites are SYNCED acorss various different squid servers.

Additional thoughts -
webadmin/deny/index.php
webadmin is GUI for managing the linux servers. Hence I am sure the server must be running Linux (and thus SQUID). My previous employer used squid to block all the websites pretty effectively.

So there you go - all you data is passed via a Linux server thats just decides weather you should be allowed access to that site or not.

Note - curl https://ipinfo.io/ip gives me my realtime public IP. This is obvioulsy dynamic IP assinged via DHCP.
 
Last edited by a moderator:

Smh

Regulars
Nov 7, 2016
1,093
184





All isp uses some filtering program (transparent proxy) and servers mostly run on linux
 

webie

Regulars
Aug 21, 2015
413
80
Great! Any effective way to pass through this filter? I know VPN , proxy and other shits will work but for people with low internet speeds, this solution basically kills the speed. let's say p0rn or other streaming sites. VPN basically kills it. Yes, even paid ones. I have paid vpn and I have tried servers of india and many other locations, speeds slow on an already slow (2mbps) connection.
 


terminator881

Regulars
Apr 14, 2016
51
7
They are reading the HOST parameter in the HTTP/HTTPS requests and sending you a RESET packet in case HOST belongs to any of the blocked domains.
I have read in linux there is way to drop/ignore reset packets in iptables which should work to bypass block if ISP is not sending the reset packet to the website too.
 

d5aqoëp

Regulars
Aug 13, 2014
1,115
418
@Mr_mime
No it doesn’t. ESNI and DNS over https are fail technologies. My browser passes all 4 cloudflare tests. But fails hard when trying to access cloudflare based blocked site on https.
 


  • Like
Reactions: abbyck

Smh

Regulars
Nov 7, 2016
1,093
184
ESNI + DOH with firefox works for me. Lot of small/medium size sites use cloudflare so it will unlock them.
 

achaudhary997

Regulars
Apr 15, 2018
146
60
Well this was known to be the case as Jio is using various middleboxes to achieve this result.

If you just change the HOST keyword in GET request to either HosT or Host it is sufficient to bypass Jio or Airtel's middlebox xD (courtesy of the research paper)

If someone is interested in more details and how they could test it you can read the following research paper by a professor at my college targetted towards internet censorship in India.
 
  • Like
Reactions: Logik

d5aqoëp

Regulars
Aug 13, 2014
1,115
418
Can we develop a solution to permanently unblock sites on Jio and Hathway using these findings?

ESNI + DOH with firefox works for me. Lot of small/medium size sites use cloudflare so it will unlock them.
I find it hard to believe. I have tried it on MTNL, Hathway, Jio, Airtel using latest Firefox 68.0.1.
I have changed necessary settings and my browser passes all 4 cloudflare DOH and ESNI tests. But my browser spectacularly fails at opening blocked sites. There are reports on reddit that this is just a hyped up failed technology which sounds ideal only on paper.
 
Last edited:
  • Like
Reactions: abbyck

Smh

Regulars
Nov 7, 2016
1,093
184
@webie @Mr_mime can you guys try enabling esni and check if it works for you.

open firefox
type about:config in address bar
Accept risk on next screen
search esni
Modify value from false to true
then search for network.trr.mode
change value from 0 to 2
Now this method works only with site that uses cloudflare and mozilla so try with a blocked torrent site that uses cloudflare.
 

Similar threads