If I understand correctly, there is no way for them to differentiate traffic using this vs legitimate HTTPS traffic. In other words, if a large, legitimate website was also serving a webtunnel behind their reverse proxy, the censoring regime would have to block all traffic to that domain, legitimate or not.
You can run a webtunnel bridge behind Cloudflare. It also works behind AWS Cloudfront but that's just way too expensive if you don't get a reasonable rate from them like 99% reduction.
Welp, not surprised given it's bad for their business. Guess hence the timing of this webtunnel thing - afaik tor was using fastly at least for their snowflake thing.
