[Savannah-cvs] [557] fix markup, update
From: ineiev
Subject: [Savannah-cvs] [557] fix markup, update
Date: Thu, 9 Feb 2023 03:19:09 -0500 (EST)
Revision: 557
http://svn.savannah.gnu.org/viewvc/?view=rev&root=administration&revision=557
Author: ineiev
Date: 2023-02-09 03:19:08 -0500 (Thu, 09 Feb 2023)
Log Message:
-----------
fix markup, update
Modified Paths:
--------------
trunk/sviki/CvsFromBehindFirewall.mdwn
Modified: trunk/sviki/CvsFromBehindFirewall.mdwn
===================================================================
--- trunk/sviki/CvsFromBehindFirewall.mdwn 2023-02-09 08:17:51 UTC (rev
556)
+++ trunk/sviki/CvsFromBehindFirewall.mdwn 2023-02-09 08:19:08 UTC (rev
557)
@@ -1,6 +1,7 @@
-The ports
----------
+# CVS from behind firewall
+## The ports
+
CVS member access can be done on cvs.sv.gnu.org:22 and
download.sv.gnu.org:443 (without long-term warranty for the latter).
@@ -8,8 +9,7 @@
'CONNECT' privileges on the proxy, it should work, even if the
connection is not TLS (eg. cvs pserver is not crypted).
-Ethical issues
---------------
+## Ethical issues
First, this documentation is *complainware*. It means that you can
freely use it provided you complain to your local system administrator,
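Review bot: The context line just above the converted heading still reads "cvs pserver is not crypted"; since this pass already touches the section, change "crypted" to "encrypted". It is the one sentence in this part of the page that tells readers pserver traffic crosses the proxy unencrypted, so it is worth stating cleanly.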
@@ -32,36 +32,32 @@
You should know, however, that it is possible to bypass such a setup by
two ways:
-1. First, systems like Tor (<http://tor.eff.org/>)
- can be used,
+1. First, systems like [[https://tor.eff.org/|Tor]] can be used,
+ at the price of a decreased connection speed, to redirect your traffic
+ to any public computer, and any port, provided you have outgoing
+ access to port 80 (http) and 443 (https) - which anybody should have
+ whatever their setup. Unlike what we stated in a previous version of
+ this document, Tor now does work from behind either a firewall or a
+ proxy.
-> at the price of a decreased connection speed, to redirect your traffic
-> to any public computer, and any port, provided you have outgoing
-> access to port 80 (http) and 443 (https) - which anybody should have
-> whatever their setup. Unlike what we stated in a previous version of
-> this document, Tor now does work from behind either a firewall or a
-> proxy.
->
-> Therefore, limiting outgoing traffic with per-protocol rules cannot be
-> effectively done. Moreover, a lot of websites now use HTTPs, a secure,
-> encrypted protocol that encapsulates HTTP. That means it is not
-> possible for the firewall to tell anything more than the fact it is
-> SSL-encrypted traffic, and cannot try to analyse the packers to
-> discover what the user is actually doing. Preventing HTTPs traffic is
-> not an option, unless the system administrator wants to prevent access
-> to all e-commerce websites, as well as websites that only use HTTPs
-> such as Gna! (<https://gna.org/>).
+ Therefore, limiting outgoing traffic with per-protocol rules cannot be
+ effectively done. Moreover, a lot of websites now use HTTPS, a secure,
+ encrypted protocol that encapsulates HTTP. That means it is not
+ possible for the firewall to tell anything more than the fact it is
+ SSL-encrypted traffic, and cannot try to analyse the packers to
+ discover what the user is actually doing. Preventing HTTPS traffic is
+ not an option, unless the system administrator wants to prevent access
+ to all e-commerce websites, as well as websites that only use HTTPS.
-1. The other way to bypass a restrictive setup requires a bit of
+2. The other way to bypass a restrictive setup requires a bit of
+ work from the remote host administrators. Basically he opens the same
+ service but on port 443 (https). This removes the proxy and speed
+ limitation from the above. This is used, for example, by
+ [[https://docs.ovh.com/gb/en/|OVH]]
+ so that people can send mail even if their ISP block port 25 (smtp).
+ We also setup CVS over SSH on port 443 (https) in addition to port 22
+ (ssh) to allow people to access our CVS repositories.
-> work from the remote host administrators. Basically he opens the same
-> service but on port 443 (https). This removes the proxy and speed
-> limitation from the above. This is used, for example, by OVH (see
-> <http://help.ovh.com/EmailConfigurationAOLouTELE2/>)
-> so that people can send mail even if their ISP block port 25 (smtp).
-> We also setup CVS over SSH on port 443 (https) in addition to port 22
-> (ssh) to allow people to access our CVS repositories.
-
Note: we implemented that method, without warranty, for project member
SSH access only - not anonymous access. Anonymous access is available
via *pserver* which ought to be available to you, just like HTTP.
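Review bot: The re-indented paragraph under item 1 carries an old typo forward: "cannot try to analyse the packers" should read "packets", and "if their ISP block port 25" in item 2 should be "blocks". The two new links put the URL before the label (`[[https://tor.eff.org/|Tor]]`, `[[https://docs.ovh.com/gb/en/|OVH]]`) while other links in this file use `<url>` autolinks, so please confirm that order renders as intended in the wiki. The OVH link also now points at the documentation root instead of the mail configuration page the old text cited, so it no longer backs up the port 25 example in that sentence.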
@@ -79,8 +75,7 @@
Now let's see how to access our CVS services using any of those methods.
-Tor
----
+## Tor
(check
<http://wiki.noreply.org/noreply/TheOnionRouter/TorifyHOWTO#SSHtorify>
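Review bot: The reference under the new "## Tor" heading is still plain http (`<http://wiki.noreply.org/noreply/TheOnionRouter/TorifyHOWTO#SSHtorify>`), although the earlier hunk moved the Tor link to https. If this commit is meant as an update, check that the HOWTO link still resolves and move it to https or to its current location.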
@@ -144,8 +139,7 @@
didn't even know why Tor nodes were blocked - we don't think that's the
way to go.
-Using download.sv.gnu.org:443
------------------------------
+## Using download.sv.gnu.org:443
Please note again that this is a burden for us to offer this method and
is not garanteed in the long run, nor will we necessarily apply it
@@ -185,8 +179,7 @@
cvs -d:ext:username@download.sv.gnu.org/cvsroot/project co module
...
-Troubleshooting
----------------
+## Troubleshooting
> If that doesn't work, try typing:
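Review bot: The line after the new "## Troubleshooting" heading keeps its leading `>` ("> If that doesn't work, try typing:"), the same blockquote marker this commit removes from the numbered list earlier in the file. Drop it here as well so the section renders as ordinary text, in line with the "fix markup" intent.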
@@ -210,8 +203,7 @@
there's a problem; please note any error message and contact us if you
can't fix your configuration.
-If that is not enough
----------------------
+## If that is not enough
It is pretty easy to make any redirection by your own means. Buy a
minimal virtual server for you and you collegues (as cheap as 9 USD per
@@ -228,8 +220,7 @@
You then can hit on you.somehosting.net port 443 to access the target
Savannah service you need.
-Ultimate block
---------------
+## Ultimate block
All those methods are based on a single feature: when https access is
allowed, there's no way to analyse the (encrypted) traffic. In
@@ -245,8 +236,7 @@
already blocking Tor nodes, disabling port 443 is just the next step.
The only real work around is talking with your system administrator.
-[[ToDo]]
---------
+## ToDo
- Reformulate, taking 3 attitudes into account (explain to
sysadmin/boss, workaround, complain to Savannah Hackers)
@@ -262,7 +252,3 @@
- Unify the 'get connect here:' statements
- Discussion related to the fact we closed anoncvs over ssh at
<https://savannah.gnu.org/forum/forum.php?forum_id=4168>
-
-#### subtopics:
-
-- [[ISPs]]
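Review bot: Removing the "#### subtopics:" block also removes the `[[ISPs]]` link, which the log message ("fix markup, update") does not mention. If the ISPs page still exists, keep a link to it somewhere on this page or confirm it is reachable from elsewhere, otherwise it becomes orphaned.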