Browser is blocked by Akamai and Cloudflare

Utter garbage (probably SEO spam page) that generates js errors like this:

Uncaught SyntaxError: expected expression, got '<'

If you examine the number and content of the errors produced by this site, including improper inclusion of google OAUTH stuff, it’s amazing that it works with … ah, chrome maybe. Dumpster fire of a website.

And as for modern, heavy, weather sites, look how clean, for instance, Germany Weather Radar Live Map - RainViewer is on the ancient SFOS browser. It’s just a properly engineered web site. Not quick on SFOS, but it renders cleanly with no errors.

99% of the web is garbage. And yes, we have an ancient browser, but I think we need a better list of ‘real websites’ that are a problem.

When 3.4 became 4.x I could no longer read a major newspaper. That got me looking. And I made a note of it here. That issue was fixed. But adding sites that are dubious/broken doesn’t help much.

My guess is that on DDoS protection, javascript calculates some “cryptographic” challenge. (proof of work)

@d.geelen Luckily the sailfish browser is not the only browser I have.

Some other browsers had an issue like this 3 months ago. When they adressed it, cloudflare fixed it after a while. Tell HN: Cloudflare Is Blocking Firefox Forks Waterfox Classic and Pale Moon | Hacker News

Disabling cookies seems to help.

Um. That script failed to load (FF, debian, not sfos) so it’s not calculating anything … :->

Could someone please update the title to include cloudflare? I can’t seem to do it from my phone and I’m ‘on the road’ :slight_smile:

@flypig I see the ‘fixed’ state is editable in the wiki, do you mind much if we set it back to ‘open’? As this really is an open problem and is only expected to get worse as more sites use akamai/cloudflare or a third protection racket starts blocking the browser.

3 Likes

I’ve switched it from ‘fixed’ to ‘pending’. Just to clarify, the aim of both these tags is to avoid this being a recurring output from the Bug Coordination Team’s bug tracking scripts.

From what I understand Akamai and Cloudflare have heuristics for deciding whether to block a browser, and application of these is controlled by individual customers. The heuristics can go to the level of measuring the rendering speed of individual elements on a page, so finding a general solution may be tricky.

https://techdocs.akamai.com/cloud-security/docs/detection-methods

Even if there’s no general technical solution that will work for all sites, that doesn’t mean it’s not worth exploring workarounds for specific sites of course.

Has anyone enjoyed any success from contacting the blocking sites? It’d be useful to collect that info in case anyone has. Did you receive any response from Gigantti @direc85?

4 Likes

I haven’t gotten a reply from them yet…

I browsed around lippu.fi for a while and couldn’t reproduce it anymore, so I updated the post (and fixed the typo in the URL).

1 Like

You don’t want to be on Cloudflare’s naughty list | Ctrl blog

Somewhat related: this guy got his whole internet blocked for a week, and he never managed to even figure out why.

Relevant quote:

I’m unsure if my IP reputation was classified with a high bot score (likely automated requests) or given a high threat score (likely malicious request). Cloudflare doesn’t offer end-users any way to dispute or even check their IP reputation scores. The company doesn’t offer end-users any support at all. Everything is automated.

The worrying thing here is that it’s unknowable why the blockade happened. I fear that we too may be at risk because our phones keep tripping up cloudflare, akamai, etc. What if one day I try to access one too many of these site from my phone, and my home IP gets put on the blocklist by some bot because of it?

I wasn’t aware if this is issue since error message isn’t quite telling what is wrong.
However after reading this I can confirm that several other websites in Finland are affected.
I could reproduce the issue several times on gigantti.fi.

2 Likes

So maybe Jolla should address this as a site-owner at cloudflare.
I am blocked from the Jolla zendesk with a reseller of Vodafone Germany (Wetell) and the stock browser on Xperia 10 III with 4.4.0.72…

I can no longer login to gitlab, it gets stuck on the infinitely reloading ‘checking your browser page’, so I can’t e.g. search or report Whisperfish issues.

-edit
and the epic games store’s login page is now also barred entry with the ‘checking you browser’ nonsense :’(

At some point I got tired of repeatedly clicking Pandas and Dolphins to prove I am human without coming to an end (or maybe cloudflare decided that I am not human?). So I concluded that according to

it might be Jolla’s task to talk to cloudflare. And when they are already talking, besides fixing access to their own zendesk they could convince them to not block their browser at other sites, too.

Or maybe they could look deeper into the root cause of this mess… We are coming to a point where the browser is becoming useless. :frowning:

3 Likes

My Gs5 with Sailfish is blocked …cant login to the homeserver anonymousland.org on sailtrix!!!

The SFOS browser is a lost cause. And jolla doesn’t have the resources to make it work properly.

2 Likes

Well, in fact that means that all the ports without AD are a lost cause, too, doesn’t it?

1 Like

That’s a bit drastic a statement. The browser was a ‘lost cause’ in 3.4 and jolla got it that bit farther and it was no longer a lost cause.

The cloud proxy people are really a nasty issue here because, like twitter, fb and co. they make up rules as they go along.

4 Likes

No. If SFOS worked as good as my everyday distro it would be fine. Ie i can do all of my banking stuff through the browser on my laptop. Would it be nice to have a banking app. Hell yes. But i can work around that with a proper browser.
And there are many examples of the phone not working as good as the average distro.

No matter if we like it or not we are not as big of a crowd so people take notice and solve the issues we face. There are a few browsers that are considered “standard”. And the solution would be to have one of them available natively on the phone (like normal distros). I know its not possible due to many factors -mostly resources- but with what we have now we end up chasing out tail.

I’m solutions oriented. I search for solutions. I work on bugs that appear to be related to one thing only to discover they were something else. In one case, a long standing compositor bug. That one, as with a recently discovered bug in webviews, was quickly patched by jolla.

clearly, this required a bunch of time on my part. my point being, let’s focus on finding enough information about why something happens to funnel that info to jolla employees. they react faster than the 3rd party services in question. they just need us to provide actionable infos.

None of us has provided the info as to WHY akamai/cloudflare is blocking. One testing approach I thought of was to create a webview component and start feeding it user agent strings until I found one that worked. failing that, javascript tests. In any case, I’m too busy at the moment with other bugs.

1 Like

@flypig did in the thread here (the one which you are at now) and I added some information and links in this related thread.

As linked to, I had no success trying that with curl, but only used a few user-agent strings, which were recent at that time (October 2020). But look, we are considering exactly the same as someone preparing bots for a DDoS would, that is why my conclusion was:

As expected these measures are designed to be non-circumventable.

This makes me wonder, I know there are other mobile OS (more niche than Sailfish), what browser do they use? Presumably there are more than one? Are there any good alternative browsers on Sailfish? Is there not a single combined browser project that combines effort and runs on multiple mobile OSes? Why isn’t there a port of say firefox for sailfish (I know the built-in browser is based on the firefox engine)?

2 Likes