Intermittent blocking of 3ds.redsys.es from the Vodafone network has once again exposed the underlying issue: targeting pirate websites should not involve blocking IP addresses shared by thousands of legitimate services. Instead, the correct approach is to block, with full certainty, the specific domains from which illegal streams are served. It may seem like a technical nuance, but it’s the line that separates acting against an infringing website from disrupting users, merchants, and companies that have no connection to football.
As documented by BandaAncha.eu, Vodafone’s filtering system has interfered with access to Redsys, one of the payment gateways most widely used by online stores in Spain. The issue arises when attempting to access 3ds.redsys.es, hosted on Akamai’s CDN, when the domain resolves to certain intercepted IPs, specifically 95.101.38.170 and 95.101.38.179. Sometimes Vodafone displays an error message; in other cases, because the connection is HTTPS, users simply see that the payment doesn’t load or complete.
The consequences are serious: a customer might lose a purchase at the final checkout step, and a store can see orders canceled without understanding that the problem lies not with its website, its bank, or Redsys, but with a network block. This is no minor inconvenience; it’s interference in the digital economy.
Blocking domains is not the same as blocking shared IPs
La Liga and other rights holders have the right to pursue piracy. That’s not the issue. The question is the method. If an illegal stream is served from a specific domain, the appropriate response should target that domain, not an IP address shared by a CDN used by merchants, educational platforms, media outlets, work tools, payment services, or corporate sites.
The Internet increasingly relies on shared infrastructure. CDNs such as Akamai, Cloudflare, and Fastly host and distribute traffic for many domains through shared IP addresses. Therefore, blocking an IP address doesn’t necessarily shut down a pirate website; it might just close a common gateway used by legitimate services as well.
La Liga could report infringing domains and demand that those specific domains be blocked. It may be more cumbersome, require greater precision, and take longer than blocking IPs, but it minimizes harm to third parties. Choosing to block shared IPs—knowing they may serve thousands of legitimate sites—is a technical decision with foreseeable consequences.
However, these consequences are borne by others: users unable to access legal websites, merchants losing sales, companies whose tools become unresponsive, and providers having to explain to clients why a legitimate service vanished during a match.
This isn’t hypothetical. BandaAncha.eu has been documenting overblocking related to the fight against unauthorized sports streams for months. thehayahora.futbol also monitors blocking incidents during matches, showing how certain IPs become inaccessible from specific operators. The situation has reached the absurd point where legitimate services and even websites related to La Liga have been wrongly blocked.
Is such blocking legal?
The short answer is uncomfortable: it may be supported by court orders, but that doesn’t mean it’s correct, proportionate, or free from liability if it causes damages to third parties.
In Spain, there are rulings allowing dynamic blocking of unauthorized sports streams. In April 2026, El País reported a court authorization permitting Movistar Plus+ to order ISPs to block websites and IPs linked to pirate broadcasts of events like the Champions League, with rapid action upon notification. There are also judicial precedents favoring La Liga concerning the blocking of IPs associated with unauthorized content.
But court approval should not become a blank check. The fundamental principle must be proportionality. If a measure to protect audiovisual rights harms legitimate services, merchants, payment gateways, or innocent users, the system must be reviewed immediately.
The core legal question isn’t just whether a favorable resolution exists. It’s also about how the blocking is carried out, what control is exercised, what correction mechanisms are in place, how it’s ensured that critical services aren’t affected, who is accountable for errors, and what avenues affected parties have for recourse. If these aren’t clear, the model is fundamentally flawed—even if it has formal legal coverage.
The nature of CDNs makes IP-based blocking particularly risky. When IPs are shared, collateral damage is inevitable. If such damage has already occurred repeatedly, continuing to use the same approach without stricter controls no longer seems like an accident but neglect.
Justice, the State, and Political Responsibility
The greatest concern isn’t just that a private entity like La Liga defends its interests rigorously—that’s expected. What’s more worrying is that the State, courts, and policymakers appear to accept a model that can harm citizens and businesses without accountability.
The fight against piracy must not turn operators into automatic enforcers executing real-time lists affecting the Internet without transparency. Nor should it allow football interests to override the normal operation of legitimate services. A true digital democracy should not permit online purchases to depend on whether a match is on, what IP a CDN returns at that moment, or if an operator has applied an overly broad filter.
Public discourse emphasizes digitalization, e-commerce, support for SMEs, entrepreneurship, and competitiveness. But when a blocking system linked to football interferes with a payment gateway, the institutional response is minimal. This passivity sends a dangerous message: private interests have extraordinary power to influence the network, while those affected must manage on their own.
It’s not about defending pirate websites—it’s about protecting legal users. It’s about reminding everyone that the Internet shouldn’t be managed as if it’s just a football switch. It’s about demanding that anti-piracy measures be precise, auditable, reversible, and targeted strictly at the infringing entity.
If the issue involves a pirate domain, it should be blocked. If it changes domains, the order should be updated with proper safeguards. If shared IPs are used, proof that no third parties are harmed must be provided, or at minimum, a more refined technical measure should be applied. What’s unacceptable is normalizing the blocking of shared CDN IPs and then treating collateral damage as an unavoidable inconvenience.
Reputational Damage Also Matters
For an online merchant, payment is the moment of greatest trust. If something goes wrong, users won’t distinguish between CDN, DNS, HTTPS, operator, or court order. The perception is simple: “This store isn’t working.” That reputational damage can be even greater than the lost sale itself.
There’s also an impact on marketing campaigns. A store might be investing in Google Ads, Meta Ads, TikTok, email marketing, or organic SEO. If some users can’t complete a purchase due to network blocks, conversions drop, acquisition costs rise, and diagnosing the issue becomes confusing. Technical teams might check plugins, Redsys modules, WooCommerce settings, or server logs but miss the real cause.
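A per-IP reachability check helps a technical team separate a network-path block from a fault in the shop or the gateway. The sketch below is an added example, not code from the article or from any party it mentions: it attempts a verified TLS handshake to each resolved address and compares the results with the same probe run from a second network. The function names and the sample statuses are constructed for illustration.

```python
import socket
import ssl

def resolve_v4(host):
    """Return every IPv4 address the local resolver gives for host."""
    try:
        infos = socket.getaddrinfo(host, 443, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})

def probe_ip(host, ip, timeout=5.0):
    """Attempt a verified TLS handshake to one IP, sending host as SNI."""
    try:
        raw = socket.create_connection((ip, 443), timeout=timeout)
    except OSError:
        return "tcp_fail"                 # refused, reset or timed out
    try:
        with ssl.create_default_context().wrap_socket(raw, server_hostname=host):
            return "ok"
    except ssl.SSLCertVerificationError:
        return "cert_invalid"             # something answered, but not as host
    except OSError:                       # includes ssl.SSLError and timeouts
        return "tls_fail"
    finally:
        raw.close()

def diagnose(local, reference):
    """Compare {ip: status} from the affected network with a reference network."""
    if not local:
        return "dns_failure", []
    path_only = sorted(ip for ip, s in local.items()
                       if s != "ok" and reference.get(ip) == "ok")
    if path_only:
        return "network_path", path_only  # fails here, works elsewhere
    if all(s == "ok" for s in local.values()):
        return "reachable", []
    return "service_or_unknown", []

# Constructed sample results (statuses are illustrative, not measurements).
# The two 95.101.38.x addresses are the ones named in the article;
# 203.0.113.10 is a documentation-range placeholder.
SAMPLE_LOCAL = {"95.101.38.170": "tcp_fail", "95.101.38.179": "cert_invalid",
                "203.0.113.10": "ok"}
SAMPLE_REFERENCE = {ip: "ok" for ip in SAMPLE_LOCAL}

if __name__ == "__main__":
    host = "3ds.redsys.es"
    print({ip: probe_ip(host, ip) for ip in resolve_v4(host)})
    print(diagnose(SAMPLE_LOCAL, SAMPLE_REFERENCE))
```

The reference results must cover the same IP addresses, collected from a different access network (for example a mobile connection on another operator), because CDN resolution can return different addresses per network.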
The Redsys case should be a red line. Payment gateways, financial services, healthcare platforms, public administrations, and business tools need special protection against collateral blocks. If the current system cannot guarantee that, then it’s fundamentally flawed.
Frequently Asked Questions
Is it legal to block IPs to fight football piracy?
It may be supported by specific court orders, but legality depends on how the blocking is implemented, its proportionality, judicial or regulatory oversight, and whether it causes damages to third parties. Authorization alone does not equate to technical correctness or immunity from challenge.
Why is blocking IPs worse than blocking domains?
Because many IPs belong to CDNs shared among thousands of sites. Blocking an IP can affect legitimate services unrelated to the pirate website. Blocking the infringing domain is more precise and minimizes collateral damage.
What happened with Redsys and Vodafone?
BandaAncha.eu documented issues where some Vodafone users experienced difficulty accessing 3ds.redsys.es, a domain used for payment authentication, due to interception of certain Akamai IPs linked to that service.
Who should be responsible if a legitimate service is blocked?
The actors involved in the blocking chain—those who request the block, those who execute it, and the institutional framework that permits it—should be accountable. There should also be an urgent mechanism to remove erroneous blocks and compensate damages if proven.
via: Teléfonos.es

