Community discussions

just joined
Topic Author
Posts: 12
Joined: Mon Jan 07, 2019 9:53 am

how websites are blocked in big companies & countries

Wed Jan 09, 2019 10:43 pm

I am trying to block websites using:

1. DNS sinkhole - works, unless someone has website IP in cache (people from outside my network using Wifi - especially people with android devices doesn't clear their cache very long time)
2. layer 7 filtering - block video (but does not yt website), doesn't block youtube apps
3. tls host - block most of https websites (but not youtube)
4. block port 40, 443 tcp (for example) content: youtube -blocks acces to youtube website on mobile devices (only), doesnt block yt app.
5. blocking IP - works, but script has to be refreshed basically every one minute to work properly, it generates traffic and is invconvenient

I did tests on most popular webrowser - chrome and partially on firefox. As you see, any of mentioned methods isn't perfect. So tell me please, how are blocked webites in big companies&corporations (especially youtube) and countries like china ?
User avatar
Forum Veteran
Forum Veteran
Posts: 945
Joined: Tue Oct 12, 2010 3:23 am
Location: Antwerp, BE

Re: how websites are blocked in big companies & countries

Wed Jan 09, 2019 11:18 pm

From my experience, i've encountered two:
either dns based or
L7 firewall, with wildcard certificates, allowing full decryption of traffic
User avatar
Forum Guru
Forum Guru
Posts: 1089
Joined: Sun Oct 09, 2016 8:25 pm
Location: South Africa

Re: how websites are blocked in big companies & countries

Sat Jan 12, 2019 9:26 pm

Mikrotik is not designed for this and should not be used for this.

Look into products like Sonicwall, which can inspect encrypted data and is designed for things like this

Who is online

Users browsing this forum: Baidu [Spider] and 58 guests