Why Is Supabase Banned in India? Section 69A Explained
Understanding the legal framework behind India's Supabase block. What Section 69A is, how blocking orders work, and what developers can do.
What happened
In February 2026, Indian ISPs including Jio, Airtel, and ACT Fibernet began DNS-blocking all subdomains under *.supabase.co. The block was not announced publicly -- developers discovered it when their production apps stopped working.
The block affects only the API domain (supabase.co), not the marketing website (supabase.com). This means developers can still access the Supabase dashboard and documentation, but their apps cannot reach the Supabase API, authentication, storage, or realtime services.
No official government statement has been issued explaining why Supabase was blocked. This silence is typical -- and it is a direct consequence of how Section 69A of India's Information Technology Act works.
What is Section 69A?
Section 69A is a provision in India's Information Technology Act, 2000 (amended in 2008). It grants the central government the power to direct any government agency or intermediary (including ISPs) to block public access to any information generated, transmitted, received, stored, or hosted on any computer resource.
The section can be invoked on the following grounds:
Sovereignty and integrity of India
Defence of India
Security of the state
Friendly relations with foreign states
Public order
Prevention of incitement to commission of any cognizable offence
The critical aspect of Section 69A is that blocking orders issued under it are confidential. ISPs that receive these orders are legally prohibited from disclosing them. This is why there is never a public announcement when a website or service is blocked, and why ISPs cannot explain to their customers why a service is unreachable.
How blocking orders are issued
The process for issuing a blocking order under Section 69A follows a defined procedure laid out in the Information Technology (Procedure and Safeguards for Blocking for Access of Information by Public) Rules, 2009:
Complaint or security concern
A complaint is received or a security concern is identified by a government agency, law enforcement, or intelligence body. This can originate from any central or state government department.
Review committee examination
The request is examined by a committee headed by the Designated Officer in MeitY (Ministry of Electronics and Information Technology). The committee reviews whether the block is necessary and proportionate.
Blocking order issued
If approved, the Secretary of MeitY issues a formal blocking direction to all ISPs and intermediaries operating in India.
ISPs comply
ISPs must implement the block within the time specified in the order. They typically use DNS poisoning as it is the cheapest and fastest method to implement at scale.
Emergency blocks can skip the committee. In urgent cases related to national security, the Designated Officer can issue a temporary block without the full committee review. The committee must then ratify the decision within 48 hours.
What ISPs are required to do
When an ISP receives a blocking order under Section 69A, they must:
- Implement the block within the timeframe specified in the order
- Maintain strict confidentiality about the order -- they cannot disclose its existence to anyone, including the affected users or the blocked service
- Not show a block page -- most ISPs simply DNS-poison the domain so the connection silently times out, making it look like a network issue rather than an intentional block
Failure to comply with a blocking order can result in imprisonment up to seven years and a fine. This is why ISPs implement blocks quickly and without public explanation.
The most common implementation method is DNS poisoning. The ISP configures their DNS resolvers to return a sinkhole IP address for the blocked domain instead of the real IP. This is cheap, fast to deploy, and works at scale. However, it is also the easiest blocking method to bypass with a proxy.
Why Supabase specifically?
No official reason has been given for the Supabase block. Given the confidential nature of Section 69A orders, we can only observe the patterns:
Platform abuse: Supabase provides hosted PostgreSQL databases, file storage, and serverless functions. It is possible that specific projects hosted on Supabase were used to store or serve content that violated Indian law. Rather than blocking individual projects, the entire *.supabase.co domain was blocked.
Wildcard blocking: The block targets *.supabase.co (the API domain) but not supabase.com (the marketing site). This suggests the concern was about the API/data services, not Supabase as a company.
Established pattern: This follows a pattern seen with other developer tools where the entire platform is blocked because of content hosted by a subset of users.
This is the core dilemma with platform-level blocks. Thousands of legitimate developers and businesses are affected because of the actions of a few (or even one) bad actor on the platform.
Previous developer tool blocks in India
Supabase is not the first developer tool to be blocked in India. The pattern of ISP-level blocks affecting development infrastructure has been recurring:
GitHub (raw.githubusercontent.com)
Blocked intermittently. The raw content CDN was DNS-blocked by multiple ISPs, breaking package downloads, CI/CD pipelines, and documentation sites that fetched from GitHub raw URLs.
Telegram
Blocked on multiple ISPs at various times. Telegram is widely used by developer communities for group chats and channels. The block affected web, desktop, and mobile clients.
Medium
Temporarily blocked in 2020. Many technical blogs and programming tutorials are hosted on Medium. The block was eventually lifted, but not before significant disruption to the developer community.
Pastebin
Blocked since 2017 on many ISPs. Developers commonly use Pastebin for sharing code snippets, logs, and configuration files. The block persists on most networks.
Firebase (BSNL)
Blocked on BSNL since August 2025. Multiple Firebase services including Firestore, Cloud Functions, and Authentication became unreachable on BSNL and some regional ISPs.
Will the block be lifted?
There is no way to know for certain. Historically, some blocks in India have been temporary while others have persisted for years:
Medium (blocked briefly in 2020, now accessible). Some GitHub endpoints have been unblocked after pressure from the developer community.
Pastebin (since 2017). Firebase on BSNL (since August 2025). Several other websites and services remain blocked with no sign of reversal.
Supabase has acknowledged the block and stated they have reached out to Indian government officials. However, there is no confirmed timeline for resolution. The confidential nature of 69A orders means there is no formal appeals process that users or the blocked company can easily use.
Given this uncertainty, developers building production apps for Indian users should not wait for the block to be lifted. A proxy solution ensures your app works regardless of whether the block continues or not.
What developers can do
There are both immediate technical fixes and longer-term advocacy steps developers can take:
Route your Supabase traffic through an unblocked domain using JioBase or a self-hosted Cloudflare Worker. This is the fastest way to get your app working again. The block targets the *.supabase.co domain -- routing through a different domain bypasses it entirely.
Share your experience on developer forums, social media, and communities. The Medium block was partially reversed after significant public attention. Developer voices matter -- especially when blocks affect legitimate businesses and livelihoods.
Reach out to your local MP and the IT ministry. While 69A orders are confidential, political pressure from constituents has historically influenced the review process. Be specific about the economic impact on your business or startup.
Organizations like the Internet Freedom Foundation (IFF) and the Software Freedom Law Center India (SFLC.in) track and challenge overbroad internet blocking in India. Supporting these organizations strengthens the collective voice of the developer community.
How JioBase works around the block
JioBase is a managed reverse proxy built on Cloudflare Workers. It provides each Supabase project with an unblocked proxy URL on the jiobase.com domain.
The concept is straightforward: since jiobase.com is not on the blocking order, ISP DNS resolves it normally. The Cloudflare Worker receives the request at the nearest edge node and forwards it to your Supabase project server-side, where there are no ISP blocks.
Your App
Browser / Client
JioBase Proxy
Cloudflare Edge
Supabase
*.supabase.co
The entire setup takes under 60 seconds. Run npx create-jiobase to self-host your own proxy, or use the managed service. You change one URL in your Supabase client initialization. Everything else — your anon key, RLS policies, database schema, auth rules — stays exactly the same.
import { createClient } from '@supabase/supabase-js'
// Before: blocked by Indian ISPs
// const supabase = createClient('https://abcdefgh.supabase.co', key)
// After: works everywhere
const supabase = createClient(
'https://myapp.jiobase.com',
'your-anon-key'
)Frequently Asked Questions
Is it legal to use a reverse proxy to bypass the block?
Section 69A blocking orders target specific domains and direct ISPs to block access. Using a reverse proxy routes traffic through a different, unblocked domain. This is similar to using a CDN or any other infrastructure layer between your app and its backend. There is no law prohibiting the use of proxy servers or CDNs for legitimate application traffic. However, this is not legal advice -- consult a qualified attorney for your specific situation.
Why is supabase.com accessible but supabase.co is not?
Supabase uses two separate domains. supabase.com is the marketing website and dashboard. supabase.co is the API domain where all project data flows -- database queries, auth, storage, and realtime. The blocking order targets only the .co API domain, which suggests the concern was about data/content served through the API rather than the Supabase company itself.
Can Supabase challenge the blocking order?
In theory, yes. The Supreme Court of India, in the Shreya Singhal case (2015), upheld Section 69A but mandated that the originator of the blocked content be given a hearing before the order is finalized. In practice, international companies may not receive notice. Supabase has stated they are engaging with Indian authorities, but the process is slow and there is no public timeline.
Could JioBase itself be blocked?
Any domain could theoretically be subject to a blocking order. However, JioBase is an infrastructure proxy service, not a content host. It does not store data -- it forwards requests. JioBase also supports custom domains, meaning you can use your own domain as the proxy endpoint, further reducing dependency on any single domain.
Are other countries blocking Supabase too?
As of February 2026, the DNS block on Supabase has only been confirmed in India. Other countries with internet filtering capabilities (China, Russia, Iran) have not been reported to block Supabase specifically, though they maintain their own extensive blocking lists.
Fix your Supabase app in under 60 seconds
Do not wait for the block to be lifted. Deploy your own proxy and get your app working for every Indian user today.
npx create-jiobase — deploy your own proxy on Cloudflare Workers for free
Suggested reading
More guides on Supabase, DNS blocks, and building resilient apps in India.
Supabase Blocked in India: What Happened and How to Fix It
Indian ISPs are DNS-blocking *.supabase.co. Here is everything you need to know and how to fix it.
Firebase AND Supabase Blocked in India: The Double Backend Crisis
Firebase blocked on BSNL. Supabase blocked on Jio, Airtel, and ACT. Here is what happened.
Supabase ERR_CONNECTION_TIMED_OUT in India: What It Means and How to Fix It
Getting timeout errors with Supabase in India? Your ISP is blocking the connection.