On Sun, 25 Jan 2026 at 12:05, Nick Owens <mischief@offblast.org> wrote:
On Sun, Jan 25, 2026 at 7:19 AM Constantine A. Murenin
<mureninc@gmail.com> wrote:
>
>
> P.S. BTW, it seems like the entire cvsweb.openbsd.org site is now on eero's blacklist as of today — they now redirect it to https://blocked.eero.com/?cat=advanced_security&reason=52&url=cvsweb.openbsd.org — likely because of these games with redirecting to "malware" sites already on the blacklist.
>
> C.
thanks for mentioning this. i (eero employee) escalated this to
dnsfilter (3rd party provider) and i believe this should be fixed now
(for eero customers, and other dnsfilter customers as well, i think).
they had surprisingly quick turn around getting back to me.
For posterity, cvsweb was blocked for reason [52, "Phishing & Deception"], because it was redirecting requests to theannoyingsite dot com, which is blocked for reason [66, "Malware"].
More details and the prior thread:
It's back to redirecting to localhost now, which is hardly any better, because it's still breaking the browser's BACK button, and destroys the path and revision that you're supposed to see.
C.
% curl --head 'http://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/multimedia/openwv/pkg/README?rev=1.1&ipk=K8Bn8w6mSMA6F3ekkYPcACkE0Nn4G729RUNolBYq_4M'
HTTP/1.1 301 Moved Permanently
Connection: close
Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline';
Content-Type: text/html
Date: Sun, 25 Jan 2026 18:18:04 GMT
Location: http://localhost/
Server: OpenBSD httpd
Transfer-Encoding: chunked
HTTP/1.1 301 Moved Permanently
Connection: close
Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline';
Content-Type: text/html
Date: Sun, 25 Jan 2026 18:18:04 GMT
Location: http://localhost/
Server: OpenBSD httpd
Transfer-Encoding: chunked
No comments:
Post a Comment