04-02-2020 02:10 PM - last edited on 04-02-2020 04:58 PM by RogersMoin
Hi,
I'm getting the following (see image below) for images hosted by GitHub (githubusercontent.com)
This only happens from my home internet.
When I look at the certificate it's one from Rogers, not the usual GitHub certificate.
It should look like this.
04-02-2020 11:23 PM
Looks like it all had to do with parental wi-fi controls. It appears as though the vendor for managing the list has some of GitHub's image servers on their blacklist.
It was driving me nuts as my work involves a lot of GitHub and not seeing images on pull requests made things very difficult.
The answer is to turn this off in your settings: https://ignitewifi.rogers.com/network
04-02-2020 05:57 PM
Hello, @jivey.
Welcome to Rogers Community Forums! 🙂
Thank you for your detailed post with screenshots. It seems like when you are trying to access avatars, that's when the certificate fails and shows a generic self-signed certificate.
Have you tried a different browser? I encountered similar issues with Brave, but it's not an issue when I try a different browser.
@Datalink, @-G- - any input on this?
Cheers,
RogersMoin
04-02-2020 06:46 PM
Yup, it's the same issue on all my browsers, even in private mode.
https://avatars2.githubusercontent.com/u/43192810?s=60&v=4
However when I tether using my phone's LTE it's fine.
04-02-2020 06:54 PM
@RogersMoin I don't see this, although my XB6 is in bridge mode and I'm using my own router. It looks like something on the network path is trying to intercept/inspect the encrypted traffic.
@jivey Do you have Protected Browsing and/or Parental Controls enabled and could this be causing it?
I'm still rather surprised by this... although I did see the following on the Parental Controls FAQ page:
Attempts to access inappropriate content on devices assigned to an Ignite WiFi Hub profile with Parental Controls turned on will be redirected to a block page. In the case of secure (https) websites or mobile apps, the block page may not be displayed, but access is still prevented.
Could you also be in a situation where your browser has the page cached but Parental Controls are also trying to block it?
I'm only guessing. I don't use Protected Browsing or Parental Controls, or even the Ignite WiFi Hub so I can't test or confirm this. I also don't see anything in either FAQ page that says anything about either service intercepting or inspecting content on encrypted connections.
https://www.rogers.com/customer/support/article/faqs-protected-browsing-ignite-wifi-hub
https://www.rogers.com/customer/support/article/faqs-parental-controls-ignite-wifi-hub
04-02-2020 07:08 PM
Parental controls are not on.
One thing I did notice is that if I change the subdomain to avatars0, avatars3 or avatars4 etc. it works.
It's only avatars1 and avatars2 that don't work. So when I open a GitHub page, every image served from 1 and 2 appears broken.
Doesn't work
https://avatars2.githubusercontent.com/u/43192810?s=60&v=4
Works
04-02-2020 07:55 PM
@jivey wrote:
Doesn't work
https://avatars2.githubusercontent.com/u/43192810?s=60&v=4
Works
https://avatars0.githubusercontent.com/u/43192810?s=60&v=4
I don't have any issues with either URL. I'm also not using Rogers' DNS. I'll have to test further with a more default-Rogers config when I get an opportunity to reconfigure my network.
In my case, lookups for both sites resolve to the same host:
avatars2.githubusercontent.com canonical name = github.map.fastly.net.
Name: github.map.fastly.net
Address: 151.101.124.133
avatars2.githubusercontent.com canonical name = github.map.fastly.net.
Name: github.map.fastly.net
Address: 151.101.124.133
Here's the cross-check against Google DNS:
$ dig @8.8.8.8 avatars2.githubusercontent.com
; <<>> DiG 9.11.3-1ubuntu1.11-Ubuntu <<>> @8.8.8.8 avatars2.githubusercontent.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23125
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;avatars2.githubusercontent.com. IN A
;; ANSWER SECTION:
avatars2.githubusercontent.com. 1242 IN CNAME github.map.fastly.net.
github.map.fastly.net. 29 IN A 151.101.0.133
github.map.fastly.net. 29 IN A 151.101.64.133
github.map.fastly.net. 29 IN A 151.101.128.133
github.map.fastly.net. 29 IN A 151.101.192.133
;; Query time: 26 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Thu Apr 02 19:49:16 EDT 2020
;; MSG SIZE rcvd: 158
$ dig @8.8.8.8 avatars0.githubusercontent.com
; <<>> DiG 9.11.3-1ubuntu1.11-Ubuntu <<>> @8.8.8.8 avatars0.githubusercontent.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43992
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;avatars0.githubusercontent.com. IN A
;; ANSWER SECTION:
avatars0.githubusercontent.com. 3518 IN CNAME github.map.fastly.net.
github.map.fastly.net. 29 IN A 151.101.0.133
github.map.fastly.net. 29 IN A 151.101.64.133
github.map.fastly.net. 29 IN A 151.101.128.133
github.map.fastly.net. 29 IN A 151.101.192.133
;; Query time: 33 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Thu Apr 02 19:49:22 EDT 2020
;; MSG SIZE rcvd: 158
04-02-2020 08:16 PM
Hmm... doesn't seem like DNS is the culprit. Here are the same queries against Rogers servers:
dig @64.71.255.204 avatars2.githubusercontent.com
; <<>> DiG 9.11.3-1ubuntu1.11-Ubuntu <<>> @64.71.255.204 avatars2.githubusercontent.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63501
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 4, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;avatars2.githubusercontent.com. IN A
;; ANSWER SECTION:
avatars2.githubusercontent.com. 360 IN CNAME github.map.fastly.net.
github.map.fastly.net. 7 IN A 151.101.124.133
;; AUTHORITY SECTION:
fastly.net. 3717 IN NS ns2.fastly.net.
fastly.net. 3717 IN NS ns3.fastly.net.
fastly.net. 3717 IN NS ns4.fastly.net.
fastly.net. 3717 IN NS ns1.fastly.net.
;; Query time: 14 msec
;; SERVER: 64.71.255.204#53(64.71.255.204)
;; WHEN: Thu Apr 02 20:11:31 EDT 2020
;; MSG SIZE rcvd: 182
$ dig @64.71.255.204 avatars0.githubusercontent.com
; <<>> DiG 9.11.3-1ubuntu1.11-Ubuntu <<>> @64.71.255.204 avatars0.githubusercontent.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26720
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 4, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;avatars0.githubusercontent.com. IN A
;; ANSWER SECTION:
avatars0.githubusercontent.com. 1662 IN CNAME github.map.fastly.net.
github.map.fastly.net. 19 IN A 151.101.124.133
;; AUTHORITY SECTION:
fastly.net. 3729 IN NS ns1.fastly.net.
fastly.net. 3729 IN NS ns2.fastly.net.
fastly.net. 3729 IN NS ns3.fastly.net.
fastly.net. 3729 IN NS ns4.fastly.net.
;; Query time: 15 msec
;; SERVER: 64.71.255.204#53(64.71.255.204)
;; WHEN: Thu Apr 02 20:11:19 EDT 2020
;; MSG SIZE rcvd: 182
04-02-2020 10:55 PM
Ah ok, I ran the same on my machine.
Here's what I get for answer on avatars2.githubusercontent.com.
;; ANSWER SECTION:
avatars2.githubusercontent.com. 900 IN CNAME ignitewifiblock.rogers.com.
ignitewifiblock.rogers.com. 2005 IN A 209.148.189.22
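Added example (not part of any post in this thread): a small Python check that compares the CNAME chain in two dig answer sections, which is what separates the rewritten answer above from the normal per-location differences in Fastly A records. The answer text is copied from the thread and abridged; the function names are made up for this illustration.

```python
import re

# Answer sections copied from the dig output posted in this thread (abridged).
PUBLIC_ANSWER = """\
avatars2.githubusercontent.com. 1242 IN CNAME github.map.fastly.net.
github.map.fastly.net. 29 IN A 151.101.0.133
github.map.fastly.net. 29 IN A 151.101.64.133
"""
ROGERS_ANSWER = """\
avatars2.githubusercontent.com. 360 IN CNAME github.map.fastly.net.
github.map.fastly.net. 7 IN A 151.101.124.133
"""
HOME_ANSWER = """\
avatars2.githubusercontent.com. 900 IN CNAME ignitewifiblock.rogers.com.
ignitewifiblock.rogers.com. 2005 IN A 209.148.189.22
"""

RR = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+(A|AAAA|CNAME)\s+(\S+)$")

def parse_answer(text):
    """Return {owner: [(type, value), ...]} for the A/AAAA/CNAME lines of a dig answer."""
    records = {}
    for line in text.splitlines():
        m = RR.match(line.strip())
        if m:
            owner, _ttl, rtype, value = m.groups()
            key = owner.lower().rstrip(".")
            records.setdefault(key, []).append((rtype, value.lower().rstrip(".")))
    return records

def cname_chain(records, name):
    """Follow CNAMEs starting at name; return every name visited, final target last."""
    chain, seen = [name.lower().rstrip(".")], set()
    while chain[-1] not in seen:          # stop on a CNAME loop
        seen.add(chain[-1])
        targets = [v for t, v in records.get(chain[-1], []) if t == "CNAME"]
        if not targets:
            break
        chain.append(targets[0])
    return chain

def compare(name, reference, suspect):
    """Classify the suspect resolver's answer against a reference resolver's answer."""
    ref = cname_chain(parse_answer(reference), name)
    sus = cname_chain(parse_answer(suspect), name)
    if ref == sus:
        return "consistent"   # A records may still differ: the CDN answers per location
    return "rewritten: " + " -> ".join(sus)
```
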
04-02-2020 11:31 PM
@jivey wrote:
Ah ok, I ran the same on my machine.
Here's what I get for answer on avatars2.githubusercontent.com.
;; ANSWER SECTION:
avatars2.githubusercontent.com. 900 IN CNAME ignitewifiblock.rogers.com.
ignitewifiblock.rogers.com. 2005 IN A 209.148.189.22
Okay, well that explains it... blocking from Parental Controls kicking in... and what I suspected might be going on. However, why would your gateway be doing that (blocking that site and not doing a very thorough job of it) especially when Protected Browsing and Parental Controls are disabled?