How to block DoH without blocking other Cloudflare services: ngrep -K 100 http://cloudflare-dns.com 'dst 1.1.1.1 and tcp port 443' - Because SNI.
-
-
Not sure about that on HTTP/1.1, as it still have Host: header beneath for Vhost, in request. And as cloudflare, they give all certificates/domain names they have on this ip.
-
Yes, client need to do domain fronting. And that has to be supported server-side, too, which has become pretty rare.
- 1 more reply
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.