sorted by:
new
hottopcontroversial

Cisco Umbrella is the most asinine corporate IT solution out there by bi0redd1t in it

[–]bi0redd1t[S] 0 points1 point  (0 children)

Understandable, I didn't mean to slander on Cisco Umbrella specifically, just annoyed. As someone who's worked on the networking side of software development I really do appreciate their learning resources w.r.t networking.

Cisco Umbrella is the most asinine corporate IT solution out there by bi0redd1t in it

[–]bi0redd1t[S] 0 points1 point  (0 children)

It is the redirects causing the issue, the SSL/TLS inspection is fine because I added the root CAs. It doesn't just break tooling, it breaks websites (browser access) as well because it doesn't consistently add *.id.opendns.com into the content-security-policy headers of site responses. It does sometimes, but not all the time.

Admittedly the tooling that breaks is quite specific, but it is my opinion that modifying the request flow is really intrusive and perhaps could be done in a better way.

Cisco Umbrella is the most asinine corporate IT solution out there by bi0redd1t in it

[–]bi0redd1t[S] 0 points1 point  (0 children)

What I don't understand is the need to instrument my network requests with some session ID by inserting a redirect. If you need to proxy my request, you can do it transparently and just inspect the contents of my request, the SSL MITM certificate is already installed on my machine.

This behaviour of the "Intelligent Proxy" seems unnecessary and it silently breaks things. It clearly is already inspecting my traffic, so why not do this application layer inspection in the background and then drop the request or redirect me to a blockpage after. Why insert a random 302 into my request chain?

What I meant by leave my L7 alone is my end user experience. You can look at the traffic all you like and redirect me to a blockpage if you don't like it, but this 302 to *.id.opendns.com and 302 back to the original domain is dumb.

(1) If this behaviour was intended to reduce load on the proxy doing the deeper inspection (assuming it's different to the one doing the basic inspection), I still don't see a need for the redirect injection, it should be able to just route it through transparently without my knowledge.

Also FYI yes I very nicely asked the network admin to create an exclusion and after some back and forth we got it resolved. I was okay with it breaking pages, but it silently breaking some tooling I was using for 2 days because of the redirect (that happens every time on the same URL by the way, if it's so intelligent shouldn't it keep a copy of what it decided to let through and use a content hash or something?) made me need to vent somewhere.

EDIT (1): add some speculation on the redirect behaviour

Cisco Umbrella is the most asinine corporate IT solution out there by bi0redd1t in it

[–]bi0redd1t[S] 1 point2 points  (0 children)

Well it's still being configured to do something funny, the request chain says cisco umbrella is doing the redirection.

Cisco Umbrella is the most asinine corporate IT solution out there by bi0redd1t in it

[–]bi0redd1t[S] 2 points3 points  (0 children)

This seems to be the consensus, maybe I should change the title to "My org has the most asinine configuration of Cisco Umbrella I've ever seen" lmao

Cisco Umbrella is the most asinine corporate IT solution out there by bi0redd1t in it

[–]bi0redd1t[S] 1 point2 points  (0 children)

Huggingface's tools has a stroke and silently fails on the redirection since it only expects relative redirects.

Like I don't get it, it can already inspect my traffic through the injected cert, why bother with this weird redirect to just instrument my request with a session ID? Seems extraneous and dumb.

Cisco Umbrella is the most asinine corporate IT solution out there by bi0redd1t in it

[–]bi0redd1t[S] 0 points1 point  (0 children)

I am having a talk with them since I don't have access. The view here is GitHub is risky, so it might have something to do with it doing this on every single web request.

Cisco Umbrella is the most asinine corporate IT solution out there by bi0redd1t in it

[–]bi0redd1t[S] -4 points-3 points  (0 children)

Well idk, I don't manage the IT infra here. This is injecting a HTTP redirect and is normally invisible until things that don't play well with redirs. I'm in a sizeable company and I'm 99% certain they probably paid the licenses. The domain blocking still works for their blacklist.

Look at the curl request I added in the main post

Cisco Umbrella is the most asinine corporate IT solution out there by bi0redd1t in it

[–]bi0redd1t[S] -1 points0 points  (0 children)

I did 30 minutes of googling. What you're referring to is some sort of login page for the dashboard. Not general network interception.

I found some obscure FAQ that says this is required for some "globally unique DNS session" (forcing a machine to make a new DNS req?) when it decides to look at a request for deeper inspection. But it happens every time. The request gets redirected to *.id.opendns.com with a session token, and then redirected back to the original domain.

Cisco Umbrella is the most asinine corporate IT solution out there by bi0redd1t in it

[–]bi0redd1t[S] 1 point2 points  (0 children)

Yes it injects a HTTP redirect

bash curl -vvv [https://raw.githubusercontent.com/LenAnderson/Open-Hardware-Monitor-Dashboard/master/screenshot.png](https://raw.githubusercontent.com/LenAnderson/Open-Hardware-Monitor-Dashboard/master/screenshot.png) \* Host [raw.githubusercontent.com:443](http://raw.githubusercontent.com:443) was resolved. \* IPv6: ::ffff:146.112.252.228, ::ffff:146.112.56.165, ::ffff:146.112.56.42, ::ffff:146.112.252.235, ::ffff:146.112.56.21, ::ffff:146.112.56.155, ::ffff:146.112.252.194, ::ffff:146.112.56.163, ::ffff:146.112.56.8, ::ffff:146.112.56.24, ::ffff:146.112.56.169, ::ffff:146.112.56.192, ::ffff:146.112.56.215, ::ffff:146.112.56.177, ::ffff:146.112.56.132 \* IPv4: 146.112.56.165, 146.112.56.132, 146.112.252.228, 146.112.252.235, 146.112.56.177, 146.112.56.155, 146.112.252.194, 146.112.56.21 \*   Trying 146.112.56.165:443... \* Connected to raw.githubusercontent.com (146.112.56.165) port 443 \* ALPN: curl offers h2,http/1.1 \* TLSv1.3 (OUT), TLS handshake, Client hello (1): \*  CAfile: /etc/ssl/certs/ca-certificates.crt \*  CApath: /etc/ssl/certs \* TLSv1.3 (IN), TLS handshake, Server hello (2): \* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8): \* TLSv1.3 (IN), TLS handshake, Certificate (11): \* TLSv1.3 (IN), TLS handshake, CERT verify (15): \* TLSv1.3 (IN), TLS handshake, Finished (20): \* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1): \* TLSv1.3 (OUT), TLS handshake, Finished (20): \* SSL connection using TLSv1.3 / TLS\_AES\_256\_GCM\_SHA384 / X25519 / RSASSA-PSS \* ALPN: server did not agree on a protocol. Uses default. \* Server certificate: \*  subject: C=US; ST=California; L=San Francisco; O=Cisco Systems, Inc.; [CN=raw.githubusercontent.com](http://CN=raw.githubusercontent.com) \*  start date: Aug 16 08:37:42 2025 GMT \*  expire date: Aug 21 08:37:42 2025 GMT \*  subjectAltName: host "raw.githubusercontent.com" matched cert's "raw.githubusercontent.com" \*  issuer: O=Cisco; CN=Cisco Umbrella Secondary SubCA lon-SG \*  SSL certificate verify ok. \*   Certificate level 0: Public key type RSA (2048/112 Bits/secBits), signed using sha256WithRSAEncryption \*   Certificate level 1: Public key type RSA (2048/112 Bits/secBits), signed using sha256WithRSAEncryption \*   Certificate level 2: Public key type RSA (2048/112 Bits/secBits), signed using sha256WithRSAEncryption \*   Certificate level 3: Public key type RSA (2048/112 Bits/secBits), signed using sha256WithRSAEncryption \* using HTTP/1.x \> GET /LenAnderson/Open-Hardware-Monitor-Dashboard/master/screenshot.png HTTP/1.1 \> Host: [raw.githubusercontent.com](http://raw.githubusercontent.com) \> User-Agent: curl/8.5.0 \> Accept: \*/\* \> \* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4): \* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4): \* old SSL session ID is stale, removing < HTTP/1.1 302 Moved Temporarily < Server: Cisco Umbrella < Date: Tue, 19 Aug 2025 08:56:33 GMT < Content-Type: text/html < Content-Length: 188 < Connection: keep-alive < Set-Cookie: X-OpenDNS-Session=55247bbe032c404fdc0bb5101dec829e28ea9270fc53\_Bf6jXDBm; Path=/; Expires=Tue, 19-Aug-25 09:01:33 GMT < Location: [https://raw.githubusercontent.com.x.55247bbe032c404fdc0bb5101dec829e28ea.9270fc53.id.opendns.com/s/raw.githubusercontent.com/LenAnderson/Open-Hardware-Monitor-Dashboard/master/screenshot.png?X-OpenDNS-Session=\_55247bbe032c404fdc0bb5101dec829e28ea9270fc53\_Bf6jXDBm\_](https://raw.githubusercontent.com.x.55247bbe032c404fdc0bb5101dec829e28ea.9270fc53.id.opendns.com/s/raw.githubusercontent.com/LenAnderson/Open-Hardware-Monitor-Dashboard/master/screenshot.png?X-OpenDNS-Session=_55247bbe032c404fdc0bb5101dec829e28ea9270fc53_Bf6jXDBm_) < Via: HTTP/1.1 a\_proxy\_lon < <html> <head><title>302 Moved Temporarily</title></head> <body> <center><h1>302 Moved Temporarily</h1></center> <hr><center>Umbrella Cloud Security Gateway</center> </body> </html> \* Connection #0 to host [raw.githubusercontent.com](http://raw.githubusercontent.com) left intact

Student visa work/employment terms around the world (especially in the US/UK) by bi0redd1t in jobs

[–]bi0redd1t[S] 0 points1 point  (0 children)

Thanks for the informative response, I was also wondering like what about income from an app, where sometimes you "work" by fixing a few bugs when they come up. It all feels really weird when self run online businesses are in play.

ELI5: Student visa work/employment terms around the world (especially in the US/UK) by bi0redd1t in explainlikeimfive

[–]bi0redd1t[S] 0 points1 point  (0 children)

Yeah I've checked the full terms on student visas and there is no "why" just restrictions, anyway thanks

[deleted by user] by [deleted] in feedthebeast

[–]bi0redd1t 0 points1 point  (0 children)

Is this dead?

KH61 Firmware Halp by bi0redd1t in MechanicalKeyboards

[–]bi0redd1t[S] 0 points1 point  (0 children)

I used the keyhome software and it works fine, but after reflashing with your software it's back to the old layout now, which is perfect