Port 80 and 443 Blocked By ISP - How to authenticate domain?

okay.
I thought giving all data including address etc is a must or else neither my domains nor the domains of my friend would have those.
It seems that it might depend on the TLD, but my .info .xyz and the .info and .de have their email (among other info about us) completely listed.

Also see Google search great firewall of china amazon. There’s quite a few hits that discuss the problem and how to ensure traffic gets through.

Also see Google search great firewall of china amazon. There's quite a few hits that discuss the problem and how to ensure traffic gets through.

The block is implemented by Amazon AWS Beijing itself and validation of the ICP license is done by their third party partner SINNET. There is no way to "ensure" traffic gets through without having a valid ICP license and getting Amazon to unblock those ports. This is through my very long discussions with AWS support.

Having said that, I understand now why authentication is and should only be available if you can control ports 443 or 80 as it is easier to gain control over other less privileged ports and I agree with the community that this probably should not be changed.

In my particular situation I am going to get the client to delegate the application sub-domain's DNS to Amazon Route 53, and then use the LetsEncrypt DNS validation.

2 Likes

Having said that, I understand now why authentication is and should only
be available if you can control ports 443 or 80 as it is easier to gain
control over other less privileged ports and I agree with the community
that this probably should not be changed.

Authentication is not tied to a port, just like it's not tied to a national policy. Authentication should always occur, regardless of port, national policy or ICS numbers.

Amazon is probably pushing that position because they want to do business in China. Their only motivation is money. I would question the veracity of any security related statements Amazon makes on the subject.

1 Like

Amazon is probably pushing that position because they want to do business in China. Their only motivation is money. I would question the veracity of any security related statements Amazon makes on the subject.

I've had a company here for over 10 years and have read all the related policy documentation. All websites that are hosted in China are required by law to have an ICP license (ICP license - Wikipedia). As part of this license an electronic license is generated and must be hosted on the website and accessible to the government web-crawler. All major hosting providers (including the native aliyun which is owned by the alibaba/taobao group) require that you provide your ICP license prior to unlocking the port.

If a site is found to be operating without an ICP license then the IP address associated with that site is blocked. If a site is found to infringe on the various regulations then the entire account that is associated is frozen.

Amazon is just following standard practice.