Connection to the update server is blocked by Cloudflare

[nobody]

Hello developers. The updater has been unable to connect to the internet since the first day of my purchase of GSX Pro. Initially, I thought the connection to the server was blocked by Great Firewall so I circumvented it by using VPN. But today after I did a tcpdump on my home router and analyzed the captured packets using Wireshark, I was surprised to see that it's actually blocked by Cloudflare 

Here are the request and response under my home network

Code: [Select]

C:\Users\nobody>curl -I -H "Accept: */*" -H "User-Agent: InnoDownloadPlugin/1.5" -H "Host: update.virtualisoftware.com" -H "Connection: Keep-Alive" -H "Cache-Control: no-cache" --resolve update.virtualisoftware.com:80:[2606:4700:20::681a:917] http://update.virtualisoftware.com/setup/couatl-trigger
HTTP/1.1 403 Forbidden
Date: Sat, 28 Sep 2024 08:53:21 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 6655
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Critical-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Content-Options: nosniff
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: n5BNgLoFfYPt2lD/KYrlbT105YYVNXBcD3lPaJXMl+TqotslgtElCDfUsYahBOI4oo2T/iFe6x7dcBZZUL0mJbFTTtJoBi4ykCSiHcQ0oz8=$l2g7BMMWSiZQsFZme8z2Xg==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pFPcWcP%2Ba380hEqBzBByP7X48dagvnOmWCnb6drkT6zbF83uVh6IwlvLhIZCPu7g5CaUTj%2BO2tXhaFav24YqSwGKJwROXqy6J25cCQy%2B8QBSd%2FDIcNkRQ7SViE9tBqZmMsfEwburLvHkYnhcb9sJrBmbt6oSDc20%2FA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8ca280aaa852b9d0-SEA

and the same request but got a different response on a server based in Japan

Code: [Select]

user@ubuntu:~$ curl -I -H "Accept: */*" -H "User-Agent: InnoDownloadPlugin/1.5" -H "Host: update.virtualisoftware.com" -H "Connection: Keep-Alive" -H "Cache-Control: no-cache" --resolve update.virtualisoftware.com:80:[2606:4700:20::681a:917] http://update.virtualisoftware.com/setup/couatl-trigger
HTTP/1.1 200 OK
Date: Sat, 28 Sep 2024 09:10:07 GMT
Content-Length: 4
Connection: keep-alive
Last-Modified: Mon, 27 Jun 2022 09:09:11 GMT
ETag: "4-5e26a45eb1bc0"
CF-Cache-Status: HIT
Age: 2455525
Expires: Tue, 29 Oct 2024 09:10:07 GMT
Cache-Control: public, max-age=2678400
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HvMrEAsXvlQX7foG5YFQjU2yuf%2F8AA1JeEGI8jgYl40kDy01evSv5krqKrxuQ1wfjHgUnAT87w6vUjCoVyy6AKFLSDIKrwNO%2F1x%2FYt67uoUF0%2F%2F8uGbfN8iVIpkjB%2FUBkBZfOhVJ0qosOwwXi%2FKYV9KCjJA4feAvVA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8ca2993b7e408346-KIX

Could you please check your firewall or WAF to see if there are any rules blocking connections from my home network?

Regards,
nobody

[virtuali]

I was surprised to see that it's actually blocked by Cloudflare

Could you please check your firewall or WAF to see if there are any rules blocking connections from my home network?

I think you got your answer already. We don't have any firewall that blocks specific countries on our site. However, the site is proxied by Cloudflare, and Cloudflare itself has its own filters based on the frequency of tentatives of attacks to the site and, since 99% of the (failed) threats are coming from China, Cloudflare blocks connections to many networks in China.

So yes, you must use a VPN, no other way around.