Today I have a question about Websites are blocked by law or ministry of ict, so there are many domains, so I would like to know which method is the most suitable.
which I have tested in many ways, such as
Layer7 This method does not work because it uses too much cpu resources.
Content This method also uses more and more CPU.
TLS Host This method can get some websites. Even if the website is https encrypted.
Address list This method is quite good, uses less CPU, but will cause problems with websites that use Cloudflare. I mean in the case of blocking some websites that use Cloudflare but encounter problems with websites that you really want to use. I understand that the website also uses cloudflare and cannot open the page. But when I turn off blocking websites that use Cloudflare, the website I want to open returns to normal use. So I’m not sure. This method may not be suitable for cloudflare websites or not?
So I would like to ask all the knowledgeable people. What methods can you recommend for me?
I’m not good at eng. I apologize if some words are incorrect.
Thank you very much from my heart.
Not sure what you mean.
The govt blocks websites and you want to be able to access such websites?
The govt expects you to block websites as a private homeowner?
For most governments as an ISP you are given a database portal that provides the IPs you are required to block and you script that list into the router at whatever rate the government demands. In some instances like cloudflare sites they will ask the traffic be forwarded to a special gateway rather than blocked.
Yes but that means you need equipment that can do DPI of encrypted traffic so that rules out most equipment unless you go high end Juniper etc with subscription services.