Persian site block

[Mobinoo1383]

Describe the bug
I wasn't aware I had vpn on so I entered blubank application and did transaction and it worked then I noticed my vpn is connected despite the fact I had blocked the iranian sites in hiddify proxy this shouldn't have happened

To Reproduce
Steps to reproduce the behavior:

1. Go to '...'
2. Click on '....'
3. Scroll down to '....'
4. See error

Expected behavior
A clear and concise description of what you expected to happen.

Screenshots
If applicable, add screenshots to help explain your problem.

Desktop (please complete the following information):

• OS: [e.g. iOS]
• Browser [e.g. chrome, safari]
• Version [e.g. 22]

Smartphone (please complete the following information):

• Device: iPhone X
• OS: iOS 16
• Browser opera gx
• Version latest

Additional context
Add any other context about the problem here.

[robin98]

Yes, I think something like that happened more than just once without even you noticing it.
I think the Hiddify project only uses geoip:ir option for blocking the Iranian services, that is, leading to partial blocking functioality.
I think they should also blcoks all the "*.ir" domains, and also use these two references for a more reliable solution:
https://github.com/bootmortis/iran-hosted-domains
https://github.com/iranxray/hope/blob/main/routing.md

I think the combination of these solution is all we can do (for now). Also, maybe considering user-side routing configuration is a more efficient way, but it can't be done in all scenarios (some clients don't support routing rules, and you can't say that you sure all of the users of your servers will do it properly)

Also you mentioned that you're using an iPhone, so there isn't a free way for doing routing rule on your VPN traffic. I suppose Stash and Shadowrocket maybe support rule basing proxy, but I don't try them personally, yet.

This is an image showing how you can deploy a routing rule on your V2rayN client (OS: windows):

[Mobinoo1383]

Thanks @robin98 I actually have stash and Shadowrocket and will try this solution out

[Mobinoo1383]

@robin98 i was playing around a bit with the configs and found out that the rule for .ir and geoip exists but it's not rejected
Dear @hiddify i have enabled block Iranian sites option in proxies settings of setting in the panel but in my configuration's the geip and .ir are not rejected

I then switched the direct to reject and the Persian sites snapp and blu bank were successfully blocked as seen in the next images

[robin98]

By enabling the Block Iranian sites option from your hiddify panel, it'll effective for the majority of *.ir and Iranian based services, but not all them.
As I understand from the first screenshot of your rules, you must be able to visit Iranian sites but not through your proxy. it uses your own IR IP to access them, so it is completely ok and harmless if you still be able to access them.
to make sure about that, just reverse route settings of your client app in iOS to that state you show me at your first screenshot. after that, visit some foreign-access-limited sites like http://stdn.iau.ac.ir/ , if you can visit the original page while your VPN is ON, so the routing rules are successfully done and now you can access both Iranian and non-Iranian sites without any limitation.
Again, No need to reject (block) them on your phone, just let them use bypass option so you can enjoy all services without worrying about anything.

[Mobinoo1383]

Thanks @robin98 for explaining
I'm all cleared now

[robin98]

@Mobinoo1383
You mentioned before that you have both shadowrocket and stash app on your device.
As a person who have experienced and work with this clients, which one you suggesting?

I think that supporting features like I listed below, is an important advantage that every xray client must supports them:

TLS
uTLS
XTLS
Alpn
SNI
Protocols such Vless / trojan
Supporting of Custome Routing Rules
And more …

[hiddify-com]

Yes, I think something like that happened more than just once without even you noticing it. I think the Hiddify project only uses geoip:ir option for blocking the Iranian services, that is, leading to partial blocking functioality. I think they should also blcoks all the "*.ir" domains, and also use these two references for a more reliable solution: https://github.com/bootmortis/iran-hosted-domains https://github.com/iranxray/hope/blob/main/routing.md

I think the combination of these solution is all we can do (for now). Also, maybe considering user-side routing configuration is a more efficient way, but it can't be done in all scenarios (some clients don't support routing rules, and you can't say that you sure all of the users of your servers will do it properly)

Also you mentioned that you're using an iPhone, so there isn't a free way for doing routing rule on your VPN traffic. I suppose Stash and Shadowrocket maybe support rule basing proxy, but I don't try them personally, yet.

This is an image showing how you can deploy a routing rule on your V2rayN client (OS: windows):

Hiddify uses both GEOIP and .ir however those information are not 100% correct

[Mobinoo1383]

Hi @robin98 about the two apps mentioned I don't know if it supports all of the options you listed but I personally like stash, it's easy to use and looks good , in stash it's just one click and it chooses the best protocol for you but in Shadowrocket you should handpick it on the other hand Shadowrocket seems to be supporting more protocols and it's much more flexible with your choices
But it's your preference that matters