Bug 371484 - cdn.kde.org content is rejected with SSL_ERROR_RX_RECORD_TOO_LONG
Status: RESOLVED WORKSFORME
Product: bugs.kde.org
Classification: Websites
Component: general (other bugs)
Version First Reported In: unspecified
Platform: Other Linux
Importance: NOR normal
Assignee: KDE sysadmins
Reported: 2016-10-22 13:09 UTC by Māris Nartišs
Modified: 2016-11-01 08:29 UTC

Attachments
cdn.kde.org web site with blockage info in Latvian and Russian language (70.45 KB, image/png)
2016-10-25 11:27 UTC, Māris Nartišs

Description Māris Nartišs 2016-10-22 13:09:36 UTC
Any b.k.o content served by cdn.kde.org is rejected with error "SSL_ERROR_RX_RECORD_TOO_LONG".
Although b.k.o is still useable, lack of CSS and JS makes it not so appealing.

Issue observed with Firefox 48 on GNU/Linux

Reproducible: Always

Steps to Reproduce:
1. Open bugs.kde.org

Actual Results:  
Request https://cdn.kde.org/css/bootstrap.css fails with SSL_ERROR_RX_RECORD_TOO_LONG error

Expected Results:  
bootstrap.css file gets loaded
Comment 1 Ben Cooksley 2016-10-22 18:08:07 UTC
Sorry but I cannot reproduce this error. A quick Google indicates that this is likely due to either a broken network or system configuration on your end.

https://support.mozilla.org/en-US/questions/976504

If the above does not resolve the problem, please confirm that you do not have any intercepting proxies operating on either your or your ISP's network.
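
Why interception on the path tends to surface as this particular error, as an added example that is not part of the original comments: Firefox reports SSL_ERROR_RX_RECORD_TOO_LONG when the length field of the first TLS record exceeds the protocol maximum, which is what happens when port 443 answers with something other than TLS. The sample byte strings are constructed, the function name is hypothetical, and it is an assumption (not stated in this report) that the intercepting device replies with a plaintext HTTP page.

```python
import struct

# RFC 5246 section 6.2.3: a TLSCiphertext length must not exceed 2^14 + 2048.
MAX_RECORD_LEN = 2**14 + 2048
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}

def classify_first_bytes(data: bytes) -> dict:
    """Read the first 5 bytes received on port 443 as a TLS record header."""
    if len(data) < 5:
        return {"verdict": "short_read"}
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    info = {
        "content_type": CONTENT_TYPES.get(ctype, f"unknown(0x{ctype:02x})"),
        "version": (major, minor),
        "length": length,
        # Plaintext markers that suggest a web page was served instead of TLS.
        "plaintext_http": data[:5] == b"HTTP/" or data[:1] == b"<",
    }
    if ctype in CONTENT_TYPES and major == 3 and length <= MAX_RECORD_LEN:
        info["verdict"] = "tls"
    elif length > MAX_RECORD_LEN:
        info["verdict"] = "record_too_long"  # the condition the browser reports
    else:
        info["verdict"] = "not_tls"
    return info

# Constructed samples: a plaintext HTTP reply and a TLS 1.2 handshake record header.
PLAINTEXT_REPLY = b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
TLS_REPLY = bytes.fromhex("160303005a0200005603")

if __name__ == "__main__":
    for name, sample in (("plaintext", PLAINTEXT_REPLY), ("tls", TLS_REPLY)):
        print(name, classify_first_bytes(sample))
```

The bytes "HTTP/" read as a record header give a length of 0x502F (20527), above the 18432-byte limit, so the client aborts before any certificate is exchanged.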
Comment 2 Māris Nartišs 2016-10-23 06:06:46 UTC
(In reply to Ben Cooksley from comment #1)
> If the above does not resolve the problem, please confirm that you do not
> have any intercepting proxies operating on either your or your ISP's network.

Sorry for the noise - visiting cdn.kde.org revealed the true issue - the site has been blocked in the whole of Latvia due to breaking the online gambling(!) law (as stated by the Lotteries and Gambling Supervision Inspection of the Republic of Latvia). No cdn.kde.org for anyone from Latvia :( So nice to live in the EU :(
Comment 3 Ben Cooksley 2016-10-23 06:15:55 UTC
Can you please provide additional information on this block so we can attempt to circumvent the issue. (i.e. is this a DNS or IP level interception, etc.)?
Comment 4 Māris Nartišs 2016-10-24 18:37:36 UTC
(In reply to Ben Cooksley from comment #3)
> Can you please provide additional information on this block so we can
> attempt to circumvent the issue. (i.e. is this a DNS or IP level
> interception, etc.)?

It seems to be IP-based interception implemented by my ISP (same error when loading the bare IP address[1] in a web browser). The Lotteries and Gambling supervision inspection of Latvia is issuing lists of offending sites that must be blocked by ISPs. Unfortunately the request form contains two columns - DNS name and IP address(es) (I haven't seen what an actual request looks like, I just found a regulation of the Cabinet of Ministers describing the procedure).

The list of DNS names is public[2] and KDE related sites are absent there (so far, so good). Unfortunately it does not contain blocked IPs. Thus it seems that the block of cdn.kde.org comes as "collateral damage" while blocking some other Incapsula client.

Now I know more about blocking of websites than I wanted to :( In the future I'll just check more carefully if some site is not working just because a CDN has been blocked.

1. Blocked IP: 192.230.77.28
2. https://www.iaui.gov.lv/images/Blokesana/supportmail.pdf
Comment 5 Ben Cooksley 2016-10-24 18:49:44 UTC
*Sigh*. Governments really are idiots when it comes to the internet. I've informed Incapsula of the issue - hopefully their legal department can sort it out with the Latvian government.

As a workaround for yourself, stick in /etc/hosts 5.9.99.188 as the IP address for cdn.kde.org. This is the backend server address which Incapsula fronts.

Out of curiosity, are forum.kde.org, dot.kde.org, userbase.kde.org all accessible?
Comment 6 Ben Cooksley 2016-10-25 09:15:22 UTC
Incapsula support have asked if you can please provide:

1) MTR / Traceroute runs to cdn.kde.org
2) MTR / Traceroute runs to www.incapsula.com

If you have any other information regarding how you discovered this was due to Government interference that would also be appreciated.
Comment 7 Māris Nartišs 2016-10-25 11:25:33 UTC
(In reply to Ben Cooksley from comment #6)
> Incapsula support have asked if you can please provide:
> 
> 1) MTR / Traceroute runs to cdn.kde.org
> 2) MTR / Traceroute runs to www.incapsula.com
> 
> If you have any other information regarding how you discovered this was due
> to Government interference that would also be appreciated.

I tested forum, dot and userbase - pages are loading but content from the CDN is missing (JS, CSS files, icons). I'll upload what the cdn.kde.org site looks like (the Big Evil warning).

traceroute to cdn.kde.org (192.230.77.28), 30 hops max, 60 byte packets
 1  192.168.1.1 (192.168.1.1)  4.894 ms  4.877 ms  4.846 ms
 2  87.226.95.129 (87.226.95.129)  4.760 ms  4.723 ms  4.701 ms
 3  ip-200-97.bn.ngn.lv (77.38.200.97)  7.406 ms  7.393 ms  7.380 ms
 4  ip-200-212.bn.ngn.lv (77.38.200.212)  7.377 ms  7.363 ms  7.346 ms
 5  ip-200-209.bn.ngn.lv (77.38.200.209)  13.156 ms  13.134 ms  13.106 ms
 6  ip-200-212.bn.ngn.lv (77.38.200.212)  13.080 ms  3.057 ms  3.004 ms
 7  ip-200-209.bn.ngn.lv (77.38.200.209)  2.990 ms  2.962 ms  9.382 ms
 8  ip-200-212.bn.ngn.lv (77.38.200.212)  9.383 ms  3.064 ms  3.012 ms
 9  ip-200-209.bn.ngn.lv (77.38.200.209)  3.007 ms  2.976 ms  5.696 ms
10  ip-200-212.bn.ngn.lv (77.38.200.212)  5.671 ms  5.663 ms  5.642 ms
11  ip-200-209.bn.ngn.lv (77.38.200.209)  5.613 ms  5.588 ms  3.098 ms
12  ip-200-212.bn.ngn.lv (77.38.200.212)  5.496 ms  5.495 ms  5.466 ms
13  ip-200-209.bn.ngn.lv (77.38.200.209)  5.439 ms  5.420 ms  6.382 ms
14  ip-200-212.bn.ngn.lv (77.38.200.212)  3.326 ms  3.323 ms  3.295 ms
15  ip-200-209.bn.ngn.lv (77.38.200.209)  6.201 ms  6.173 ms  6.144 ms
16  ip-200-212.bn.ngn.lv (77.38.200.212)  6.021 ms  6.010 ms  5.986 ms
17  ip-200-209.bn.ngn.lv (77.38.200.209)  9.104 ms  9.041 ms  9.007 ms
18  ip-200-212.bn.ngn.lv (77.38.200.212)  6.000 ms  6.006 ms  5.982 ms
19  ip-200-209.bn.ngn.lv (77.38.200.209)  12.925 ms  12.888 ms  12.857 ms
20  ip-200-212.bn.ngn.lv (77.38.200.212)  7.396 ms  7.385 ms  7.356 ms
21  ip-200-209.bn.ngn.lv (77.38.200.209)  12.707 ms  12.678 ms  12.651 ms
22  ip-200-212.bn.ngn.lv (77.38.200.212)  7.228 ms  3.182 ms  3.113 ms
23  ip-200-209.bn.ngn.lv (77.38.200.209)  3.059 ms  5.275 ms  5.232 ms
24  ip-200-212.bn.ngn.lv (77.38.200.212)  5.185 ms  3.050 ms  5.409 ms
25  ip-200-209.bn.ngn.lv (77.38.200.209)  5.416 ms  5.405 ms  5.377 ms
26  ip-200-212.bn.ngn.lv (77.38.200.212)  5.347 ms  5.319 ms  7.862 ms
27  ip-200-209.bn.ngn.lv (77.38.200.209)  7.838 ms  7.814 ms  3.067 ms
28  ip-200-212.bn.ngn.lv (77.38.200.212)  3.009 ms  2.979 ms  5.472 ms
29  ip-200-209.bn.ngn.lv (77.38.200.209)  5.459 ms  5.439 ms  5.397 ms
30  ip-200-212.bn.ngn.lv (77.38.200.212)  5.245 ms  5.249 ms  5.227 ms

traceroute to www.incapsula.com (192.230.77.200), 30 hops max, 60 byte packets
 1  192.168.1.1 (192.168.1.1)  3.244 ms  5.757 ms  5.730 ms
 2  87.226.95.129 (87.226.95.129)  5.701 ms  5.667 ms  5.636 ms
 3  ip-200-97.bn.ngn.lv (77.38.200.97)  5.618 ms  5.600 ms  5.586 ms
 4  78.154.154.161 (78.154.154.161)  8.870 ms  8.845 ms  8.831 ms
 5  riga-b2-link.telia.net (62.115.12.145)  8.803 ms  8.789 ms  8.764 ms
 6  s-bb4-link.telia.net (213.155.134.88)  18.508 ms s-bb3-link.telia.net (62.115.141.12)  18.015 ms  18.468 ms
 7  s-b5-link.telia.net (80.91.249.219)  15.999 ms s-b5-link.telia.net (213.155.133.17)  16.005 ms s-b5-link.telia.net (80.91.253.227)  15.958 ms
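
The first trace above never leaves the ISP: from hop 4 onward the same two routers alternate until the 30-hop limit, which is consistent with the IP-level interception described in comment 4. An added example (not part of the original comments) that detects such a loop in Linux traceroute output; the embedded sample is the first eight hops of that trace, and the function names are hypothetical.

```python
import re
from collections import Counter

HOP_RE = re.compile(r"^\s*(\d+)\s+(.*)$")
IP_RE = re.compile(r"\((\d{1,3}(?:\.\d{1,3}){3})\)")

# First eight hops of the cdn.kde.org trace posted in this comment.
SAMPLE = """\
traceroute to cdn.kde.org (192.230.77.28), 30 hops max, 60 byte packets
 1  192.168.1.1 (192.168.1.1)  4.894 ms  4.877 ms  4.846 ms
 2  87.226.95.129 (87.226.95.129)  4.760 ms  4.723 ms  4.701 ms
 3  ip-200-97.bn.ngn.lv (77.38.200.97)  7.406 ms  7.393 ms  7.380 ms
 4  ip-200-212.bn.ngn.lv (77.38.200.212)  7.377 ms  7.363 ms  7.346 ms
 5  ip-200-209.bn.ngn.lv (77.38.200.209)  13.156 ms  13.134 ms  13.106 ms
 6  ip-200-212.bn.ngn.lv (77.38.200.212)  13.080 ms  3.057 ms  3.004 ms
 7  ip-200-209.bn.ngn.lv (77.38.200.209)  2.990 ms  2.962 ms  9.382 ms
 8  ip-200-212.bn.ngn.lv (77.38.200.212)  9.383 ms  3.064 ms  3.012 ms
"""

def parse_traceroute(text):
    """Return (destination IP, [(ttl, [responder IPs])]) from traceroute output."""
    dest, hops = None, []
    for line in text.splitlines():
        if line.startswith("traceroute to"):
            m = IP_RE.search(line)
            dest = m.group(1) if m else None
            continue
        m = HOP_RE.match(line)
        if m:
            hops.append((int(m.group(1)), IP_RE.findall(m.group(2))))
    return dest, hops

def find_loop(text, min_repeats=2):
    """Flag routers that answer at more than one TTL, i.e. a forwarding loop."""
    dest, hops = parse_traceroute(text)
    seen, first_ttl = Counter(), {}
    for ttl, ips in hops:
        for ip in set(ips):          # count each router once per TTL
            seen[ip] += 1
            first_ttl.setdefault(ip, ttl)
    looping = sorted((ip for ip, n in seen.items() if n >= min_repeats),
                     key=first_ttl.get)
    return {"destination": dest,
            "reached": any(dest in ips for _, ips in hops),
            "loop_routers": looping,
            "loop_starts_at_ttl": first_ttl[looping[0]] if looping else None}

if __name__ == "__main__":
    print(find_loop(SAMPLE))
```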
Comment 8 Māris Nartišs 2016-10-25 11:27:58 UTC
Created attachment 101772
cdn.kde.org web site with blockage info in Latvian and Russian language
Comment 9 Ben Cooksley 2016-10-25 19:12:27 UTC
Thanks for responding with that information so quickly. I've now passed it along to Incapsula support and will advise once they've gotten back to me.
Comment 10 Ben Cooksley 2016-10-31 06:21:21 UTC
Incapsula support have now changed the IP address for cdn.kde.org - can you confirm you are now able to access cdn.kde.org again?
Comment 11 Māris Nartišs 2016-11-01 08:29:05 UTC
(In reply to Ben Cooksley from comment #10)
> Incapsula support have now changed the IP address for cdn.kde.org - can you
> confirm you are now able to access cdn.kde.org again?

Yes. Thank you, now b.k.o looks good again :)