On 20/07/06 12:49 +0530, Amish Mehta wrote:
<snip>
> Three ways to do this and not at all expensive:
>
> - Make your DNS server host blogspot.com and redirect ALL port 53
> traffic to it and block blockedblog.blogspot.com requests.

If you want to be authoritative for blogspot.com, then you have to deal with every domain under it as well. You would merely want to be authoritative for blockedhost.blogspot.com, which is trivially circumventable with /etc/hosts.

> - Use transparent proxy which also does SNAT, back to original IP for
> outgoing packets.

And which works at Gigabit speeds and has vendor backing.

> - Just like ip_conntrack_ftp module which tracks PORT commands, develop
> ip_conntrack_http module which tracks HTTP "Host:" header and blocks the blocked sites.

And then make the system even more complex by routing stuff to a Linux box. Unless you think that ISPs run Linux boxes for their ATM and SONET circuits?
Devdas Bhagat
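The first objection in the thread (claiming authority for all of blogspot.com in order to block one name breaks every other name under that zone) is easy to see in a small model. The following is an added illustration, not code from either poster or from any ISP: a toy resolver that compares "become authoritative for the whole zone" against "override only the one name and forward the rest". The upstream answer table, the `0.0.0.0` sentinel and the hostnames other than `blockedblog.blogspot.com` are constructed for the example.

```python
"""
Toy comparison of two resolver-side blocking strategies for one hostname.

  hijack_zone : resolver claims authority for blogspot.com but only holds
                the records it wants to block, so every sibling name under
                the zone falls to NXDOMAIN (collateral damage).
  per_name    : resolver overrides only the single blocked name and forwards
                everything else upstream, so sibling names keep working.

Everything below is constructed; the addresses are documentation-range
placeholders, not real answers.
"""

# Constructed stand-in for the real authoritative servers upstream.
UPSTREAM = {
    "blockedblog.blogspot.com.": "203.0.113.10",
    "otherblog.blogspot.com.": "203.0.113.11",
    "www.blogspot.com.": "203.0.113.12",
    "notblogspot.com.": "203.0.113.13",
}

# Assumed answer handed back for a blocked name (many filters use a sinkhole).
BLOCK_SENTINEL = "0.0.0.0"
BLOCKED = frozenset({"blockedblog.blogspot.com."})


def normalize(name: str) -> str:
    """DNS names are case-insensitive; compare in lowercase, fully qualified."""
    return name.lower().rstrip(".") + "."


def in_zone(qname: str, zone: str) -> bool:
    """Label-aware containment: notblogspot.com is NOT under blogspot.com."""
    qname, zone = normalize(qname), normalize(zone)
    return qname == zone or qname.endswith("." + zone)


def forward(qname: str):
    """Simulated upstream lookup; returns (rcode, address)."""
    addr = UPSTREAM.get(normalize(qname))
    return ("NOERROR", addr) if addr else ("NXDOMAIN", None)


def hijack_zone(qname: str, zone: str = "blogspot.com.", blocked=BLOCKED):
    """Strategy 1: pretend to be authoritative for the whole zone.

    We only know the blocked names, so any other name inside the zone gets
    NXDOMAIN instead of being looked up upstream.
    """
    q = normalize(qname)
    if in_zone(q, zone):
        if q in blocked:
            return ("NOERROR", BLOCK_SENTINEL)
        return ("NXDOMAIN", None)  # collateral damage lives here
    return forward(q)


def per_name(qname: str, blocked=BLOCKED):
    """Strategy 2: override exactly the blocked names, forward all others."""
    q = normalize(qname)
    if q in blocked:
        return ("NOERROR", BLOCK_SENTINEL)
    return forward(q)


def collateral_damage(resolver, names):
    """Names that resolve upstream but fail under `resolver`."""
    return sorted(
        n for n in names
        if forward(n)[0] == "NOERROR" and resolver(n)[0] == "NXDOMAIN"
    )


if __name__ == "__main__":
    for strategy in (hijack_zone, per_name):
        print(strategy.__name__, "breaks:", collateral_damage(strategy, UPSTREAM))
```

Running it shows the asymmetry the reply points at: `hijack_zone` breaks `otherblog.blogspot.com` and `www.blogspot.com` while blocking the one target, whereas `per_name` blocks only the target. The `in_zone` check matters in either case; a naive substring test would also swallow `notblogspot.com`.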