Comment by mrvaibh

16 hours ago

This is a great example of why blanket IP blocking is such a terrible enforcement mechanism. Cloudflare hosts hundreds of thousands of services behind shared IP ranges — blocking one IP to stop a piracy stream takes out everything else on that IP, including Docker registries, API endpoints, and CDNs that have nothing to do with football.

  The real fix on your end until Spain sorts this out: set up a pull-through registry cache (e.g. registry:2 with proxy.remoteurl) on a VPS outside Spain, and point your Docker daemon's mirror config at it. Your
  GitLab runner pulls from the cache, the cache pulls from Docker Hub via a non-blocked IP. Also insulates you from Docker Hub rate limits.

  But yeah, the fact that a court order about football streaming can break docker pull for an entire country is genuinely absurd.

10 comments

mrvaibh

Reply
embedding-shape  14 hours ago

> This is a great example of why blanket IP blocking is such a terrible enforcement mechanism

AFAIK, they're not doing "blanket IP blocking", they're intercepting requests based on DNS and IP, and try to serve their own certificates and their own content. Obviously, in most cases it fails, as the certificate doesn't match the site, so the browser rejects it, but as far as I can see and tell, there is no "blanket IP blocks", more like "DNS and IP interception".

The difference doesn't really matter in practice, sucks regardless, but I thought I'd clarify for the ones who are not experiencing these blocks themselves at least.

tom1337  15 hours ago

just wait until they block Azure as well so the official La Liga site also stops working

  • mcintyre1994  11 hours ago

    Dumb question but why don’t the pirate sites all host on Azure if Cloudflare is blocked and Azure isn’t?

    • fireant  2 hours ago

      Besides the reasons already listed, Cloudflare is free, Azure is not. As a pirate site owner I imagine you don't want you payment information with your name associated with your pirate site. You can pay for hosting and dns with crypto.

    • tom1337  11 hours ago

      i have no data to back this up but in the past cloudflare was much more lax with piracy sites and I can imagine that Azure is stricter with blocking them

    • kjs3  10 hours ago

      I would imagine they do. The people running the pirate sites know what they are doing. Noone who really wants to stream pirated games is stopped. Blocking CF is performative, not effective.

  • jacquesm  13 hours ago

    Hmmm. Don't they have a reporting form or something like that? Down with those filthy Azure pirates on IP 52.166.113.188.

    • hunterpayne  6 hours ago

      Starting a new business I see...this actually seems like the best form of protest here so good luck to you.

  • littlecranky67  13 hours ago

    I wondered how they actually managed to have their own business to be unencumbered by that. At a certain corporate level, you have to have some piece of tech in your portfolio that relies on cloudflare. I hope one day there companion or "2nd screen" apps stops working during a game, because using cloudflare.