“Boobs check” – Technique to verify if sites behind CDN are hosted in Iran

Original Article ↗ Hacker News Discussion ↗

Accessing the tweet / Nitter context

  • Several commenters note they use the linked “xcancel” site as a working hosted Nitter-like front-end for Twitter/X, after most Nitter instances died when guest accounts were removed.
  • One person built tooling to automatically rewrite X links to this frontend.

How the “boobs check” works

  • The idea: request https://site/.../boobs.jpg.
    • If the origin is outside Iran, you usually get a normal 404.
    • If it’s hosted inside Iran behind certain infrastructure, a national filter intercepts the keyword and returns a censorship response (e.g., 403 with an iframe to an internal IP).
  • Some users ask for and share example domains; others report they don’t see the behavior on all Iranian sites, so it’s not universal.

Technical conditions and limitations

  • Commenters stress this only reliably works when the CDN/reverse proxy talks to the origin over plain HTTP (e.g., Cloudflare “Flexible” mode). Any proper TLS between CDN and origin breaks the trick.
  • There is debate whether filtering happens at the CDN, the origin, or national infrastructure; precise architecture is described as unclear.
  • One explanation: Iran’s “National Information Network” terminates TLS at the edge and either connects to origins over HTTP or with a state-controlled CA.

Cloudflare, TLS, and “encryption remover” debate

  • Strong criticism of Cloudflare for terminating TLS and often forwarding to origins in plaintext, while presenting the site as fully HTTPS to users.
  • Others argue Cloudflare massively increased TLS deployment by making certificates easy and free, though several insist this credit belongs mostly to Let’s Encrypt and ACME.
  • Discussion covers Cloudflare TLS modes, why people still choose insecure “Flexible” (historical cost/complexity, shared hosting, partial protection from ISP tampering), and the user’s inability to see if origin links are encrypted.

Why detect Iranian hosting?

  • Suggested motives include: avoiding doing business with Iran, complying with US sanctions, or filtering out potential foreign propaganda sites.
  • Some doubt the real impact of Iranian propaganda on Western audiences but see value in an easy technical blacklist mechanism.