|
|
|
|
|
|
by sjtgraham
2246 days ago
|
|
|
I guess if it worked at the IP level it wouldn't matter whether or not the transport was encrypted. I'd wager how it worked was by sniffing the Host header in the request, and as this was "many years ago" most likely predated Server Name Indication in TLS so encryption was enough to thwart a host-based blocking approach. Now of course with SNI the host is in clear text in the ClientHello (unless using TLS 1.3 ESNI) so the GFC could still block using hostnames even with TLS. |
|
|