Fixing Yleisradio (The Finnish Broadcasting Company) HTTP proxy Fail
Monday, March 23. 2015
When it comes to an unlimited supply of failures, one of my absolute favorites is YLE. Whatever they try, they seem to fail at it.
They have stumbled with their on-line service (Areena) a number of times. It took them years and years, but recently it has reached the level of a semi-decent service: no major failures, and it even works on an iPad.
As they are having an uphill fight with piracy and with people not obeying the country limitations forced on them by distribution agreements, they did the only sensible thing anybody can do: if you're using an HTTP proxy, then you're out! The only natural ruling can be that anybody using a proxy is accessing their service from abroad.
The license of this radio show says that they will apply geo IP restrictions to it to limit the audience to Finland only ("Kuunneltavissa vain Suomessa"). This results in a sorry-you're-not-in-Finland message ("Ohjelma ei ole kuunneltavissa ulkomailla") and a refusal to play. However, I am in Finland, so I should be allowed access to that.
These guys are known for their inability to think smart. It is impossible to know if somebody abroad is using a Finnish proxy or not. The only possible detection method is checking for the X-Forwarded-For HTTP header.
That should be an easy fix. Let's see:
# host areena.yle.fi
areena.yle.fi has address 91.229.138.2
areena.yle.fi has address 91.229.138.6
Whois information for their IP-block is:
% Information related to '91.229.138.0/23AS57066'
route: 91.229.138.0/23
descr: Yleisradio Oy
origin: AS57066
mnt-by: DATANET-NOC
source: RIPE # Filtered
Adding this to /etc/squid/squid.conf:
# Forwarded-for -stuff off for YLE
acl yle_areena dst 91.229.138.0/23
request_header_access X-Forwarded-For deny yle_areena
... and a restart will do the trick! Squid-proxy fully supports this kind of behavior with the acl and request_header_access directives. Now YLE-people are blissfully ignorant about whether you are using a proxy or not.
Update 24th Mar 2015 and 1st Jan 2016:
Also MTV katsomo.fi has gone for this stupidity. The fix is obviously:
acl mtv_katsomo dst 23.54.11.0/24 # Katsomo.fi (Akamai)
acl akamai dst 23.32.0.0/11 # Akamai
request_header_access X-Forwarded-For deny mtv_katsomo
request_header_access X-Forwarded-For deny akamai
Now they allow you to watch via proxy.
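To audit which destinations these rules actually cover, here is an added example (not part of the original post) that evaluates the quoted acl and request_header_access lines against a destination IP. It assumes only dst ACLs with plain names (no "!" negation) and treats "#" as the start of a comment; the function names are hypothetical.

```python
import ipaddress

# Constructed squid.conf fragment: the ACLs and rules quoted in the post.
SQUID_CONF = """\
acl yle_areena dst 91.229.138.0/23
request_header_access X-Forwarded-For deny yle_areena
acl mtv_katsomo dst 23.54.11.0/24 # Katsomo.fi (Akamai)
acl akamai dst 23.32.0.0/11 # Akamai
request_header_access X-Forwarded-For deny mtv_katsomo
request_header_access X-Forwarded-For deny akamai
"""

def parse(conf):
    """Return ({acl name: [networks]}, [(header, action, [acl names])])."""
    acls, rules = {}, []
    for raw in conf.splitlines():
        tok = raw.split("#", 1)[0].split()   # assumption: '#' starts a comment
        if len(tok) >= 4 and tok[0] == "acl" and tok[2] == "dst":
            nets = [ipaddress.ip_network(n) for n in tok[3:]]
            acls.setdefault(tok[1], []).extend(nets)
        elif len(tok) >= 4 and tok[0] == "request_header_access":
            rules.append((tok[1].lower(), tok[2], tok[3:]))
    return acls, rules

def header_removed(conf, header, dst_ip):
    """True if the first rule matching this header and destination is 'deny'."""
    acls, rules = parse(conf)
    ip = ipaddress.ip_address(dst_ip)
    for name, action, acl_names in rules:
        if name != header.lower():
            continue
        # ACL names listed on one rule line are ANDed; the first match decides.
        if all(any(ip in net for net in acls.get(a, [])) for a in acl_names):
            return action == "deny"
    return False  # no rule matched: the header is passed on unchanged

def redundant_acls(conf):
    """Pairs (inner, outer) where every network of inner lies inside outer."""
    acls, _ = parse(conf)
    return [(a, b) for a, na in acls.items() for b, nb in acls.items()
            if a != b and all(any(n.version == m.version and n.subnet_of(m)
                                  for m in nb) for n in na)]

if __name__ == "__main__":
    for ip in ("91.229.138.2", "91.229.140.1", "23.54.11.10", "23.64.0.1"):
        print(ip, header_removed(SQUID_CONF, "X-Forwarded-For", ip))
    print(redundant_acls(SQUID_CONF))
```

On the quoted rules, 23.54.11.0/24 already lies inside 23.32.0.0/11, so the akamai ACL alone covers Katsomo, and it also strips the header for every other destination in that /11.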
Finnish Pre-paid Data Plans reviewed
Saturday, March 7. 2015
As I test different network equipment regularly, I need SIM-cards and data plans for them. All of these are generally available and affordable, just go to the nearest R-Kioski and get one.
Elisa (Saunalahti)
Elisa is the biggest telco by number of customers and market share. Their consumer products are under the Saunalahti brand, including their pre-paid data plans.
Pre-paid data plans:
- One day 4G (100 Mbit/s) 1.90 €
- One week (21 Mbit/s) 6.60 €
- One month (0,25 Mbit/s) 6.60 €
- One month (4 Mbit/s) 14.90 €
- One month (21 Mbit/s) 16.90 €
- One month 4G (50 Mbit/s) 19.90 €
- Six months (0,25 Mbit/s) 27.80 €
Incoming access:
None. All pre-paid and post-paid data plans are NATed. Post-paid 3G data plans have the possibility of changing into a non-NATed one, but that option is not available for 4G. This is total crap!
TeliaSonera
TeliaSonera is the 2nd biggest telco in Finland. As they also operate in Sweden, Norway and Estonia, it is in general the biggest corporation of these three.
Pre-paid data plans:
- One week 4G (50 Mbit/s) 12,90 €
- One month 4G (50 Mbit/s) 23,90 €
Incoming access:
None. All pre-paid and post-paid data plans are NATed. Post-paid data plans have the possibility of subscribing to a service (for a small fee) that allows a public IP-address. Having a fixed IP instead of a dynamically allocated one costs extra.
DNA
DNA is the smallest player (excluding virtual operators). When it comes to telcos, size does not matter. Their coverage is equal to bigger players.
Pre-paid data plans:
- 1 GiB transfer, six months 4G (150 Mbit/s) 9,90 €
- 10 GiB transfer, six months 4G (150 Mbit/s) 19,90 €
Incoming access:
All data plans are allocated a dynamically changing public IP-address.
List of open TCP-ports (IP-protocol 6) found with Nmap scanning my own IPv4-address:
- 500/tcp
- 1024/tcp
- 1723/tcp
- 2222/tcp
- 4002/tcp
- 5001/tcp
- 5800/tcp
- 5900/tcp
- 6001/tcp
- 7001/tcp
- 8001/tcp
- 8081/tcp
- 8082/tcp
- 8083/tcp
- 8088/tcp
- 8090/tcp
I also tested other incoming IP protocols and they seem to pass without limitations. Running VPN or IPv6-tunnels is completely possible.
Conclusion
The obvious winner is DNA. It is affordable, there is no NAT, and incoming access is possible, although limited. The only drawback is for people requiring a lot of transfer: there is a limit on the amount of bytes. If you run out, just add another 6 month package, and you're good to go.
2nd place goes to the TeliaSonera post-paid Opengate-connection. It is still affordable (17,- € / month, incl. incoming access 3G/4G), has no transfer limits and allows full incoming traffic without filtered ports.
3rd place goes to the Saunalahti one day pre-paid. It offers speed and no transfer limits, but I had trouble comprehending their system. As I already had a pre-paid SIM, all I had to do was to add credits to its account, but ... I somehow didn't manage to do it. I did do it before, but ...