Bugtraq mailing list archives

Re: Bypassing website filter in SonicWall


From: Robert Bihlmeyer <robbe () orcus priv at>
Date: Wed, 30 Oct 2002 14:12:27 +0100 (CET)

Marc Ruef <marc.ruef () computec ch> writes:

> I found a little weakness in SonicWall: I turn on the blocking
> mechanism for websites (e.g. www.google.com). Now I can't reach the
> website using the domain name. But if I choose the IP address of the
> host (e.g. http://216.239.53.101/), I can contact the forbidden
> website.

This should probably be documented better. This feature relies only on
the HTTP/1.0+ Host field, nothing else (like the connection's
destination). It's mainly useful when you want to block one virtual
host, not a whole machine potentially hosting thousands of them.

If you want to block a whole machine, go with the firewall rules. You
lose the stylish blocking page, though...

> It would make sense if you can do an internal nslookup.

Probably. But this interface isn't for people blocking more than a
handful of domains, anyway. For a small number it's still viable to
enter both names & numbers.

-- 
Robbe
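
The behaviour discussed in this message, as an added example that is not part of the original post and is not SonicWall's code: a filter that matches only the Host field, next to one that also matches the connection's destination address. The function names, the blocklist layout and the sample requests are constructed for illustration; the name and address are the ones quoted in the thread.

```python
import ipaddress

# Constructed blocklist: a name plus the address an admin entered for it.
BLOCKED_NAMES = {"www.google.com"}
BLOCKED_ADDRS = {ipaddress.ip_address("216.239.53.101")}

# Constructed sample requests.
BY_NAME = b"GET / HTTP/1.1\r\nHost: www.google.com\r\n\r\n"
BY_ADDR = b"GET / HTTP/1.1\r\nHost: 216.239.53.101\r\n\r\n"
OTHER = b"GET / HTTP/1.1\r\nHost: example.org\r\n\r\n"


def host_header(raw_request: bytes) -> str:
    """Return the Host field value (lower-cased, no port), or '' if absent."""
    head = raw_request.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    for line in head.split("\r\n")[1:]:  # skip the request line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "host":
            host = value.strip().lower()
            # Drop an optional :port (IPv6 literals are out of scope here).
            if ":" in host:
                host = host.rsplit(":", 1)[0]
            return host.rstrip(".")
    return ""


def blocked_by_host_only(raw_request: bytes) -> bool:
    """Filter as described in the thread: looks at the Host field only."""
    return host_header(raw_request) in BLOCKED_NAMES


def blocked_by_host_and_destination(raw_request: bytes, dst_ip: str) -> bool:
    """Also match the destination address of the connection.

    Note that an address match blocks every virtual host on that machine.
    """
    if host_header(raw_request) in BLOCKED_NAMES:
        return True
    return ipaddress.ip_address(dst_ip) in BLOCKED_ADDRS


if __name__ == "__main__":
    for label, req, dst in [("by name", BY_NAME, "216.239.53.101"),
                            ("by address", BY_ADDR, "216.239.53.101"),
                            ("other site", OTHER, "192.0.2.10")]:
        print(label, blocked_by_host_only(req),
              blocked_by_host_and_destination(req, dst))
```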

