Marc Ruef <marc.ruef (at) computec (dot) ch [email concealed]> writes:
> I found a little weakness in SonicWall: I turn on the blocking
> mechanism for websites (e.g. www.google.com). Now I can't reach the
> website using the domainname. But if I choose the IP address of the
> host (e.g. http://216.239.53.101/), I can contact the forbidden
> website.
This should probably be documented better. This feature relies only on
the HTTP/1.0+ Host field, nothing else (like the connection's
destination). It's mainly useful when you want to block one virtual
hosts, not a whole machine potentially hosting thousands of them.
If you want to block a whole machine, go with the firewall rules. You
lose the stylish blocking page, though...
> It would make sense if you can do an internal nslookup.
Probably. But this interface isn't for people blocking more than a
handful of domains, anyway. For a small number it's still viable to
enter both names & numbers.
> I found a little weakness in SonicWall: I turn on the blocking
> mechanism for websites (e.g. www.google.com). Now I can't reach the
> website using the domainname. But if I choose the IP address of the
> host (e.g. http://216.239.53.101/), I can contact the forbidden
> website.
This should probably be documented better. This feature relies only on
the HTTP/1.0+ Host field, nothing else (like the connection's
destination). It's mainly useful when you want to block one virtual
hosts, not a whole machine potentially hosting thousands of them.
If you want to block a whole machine, go with the firewall rules. You
lose the stylish blocking page, though...
> It would make sense if you can do an internal nslookup.
Probably. But this interface isn't for people blocking more than a
handful of domains, anyway. For a small number it's still viable to
enter both names & numbers.
--
Robbe
[ reply ]