![](https://i.imgur.com/9UQ54uc.gif"){kind=small}
diamondblack37
New member
0
0%
Months of Service
0%
One of the media control methods that you can see plenty of examples in states far from democracy is banning internet sites. Although it often seems to be for political reasons, internet sites can also be banned to ensure security and to block fake/harmful sites.
In this article, I will focus more on the technical aspect rather than the political aspect and use some technical terms,
Below you can find a list of these terms and their explanations.
PS: No bypass method is shared in the article.
IP Address
A unique number series assigned to all devices connected to the Internet, including internet sites.
In V4 format (between 0.0.0.0 and 255.255.255.255 =~ There are a total of 4 billion total V4 addresses)
There are also V6 addresses, but V6 addresses have not yet been fully introduced in Turkey.
So, in this article, I will talk about classic IPv4 addresses.
If you are reading this; the request coming from the "77.248.**.*" IP address assigned by your internet provider
has reached the "185.77.*.***" IP address belonging to technopat.net. And as a response, Technopat has sent back the HTML code of this page to your IP address.
(The IPs are symbolic)
Cloudflare (abbreviated as CF)
A massive infrastructure with hundreds of servers worldwide in 2023... Cloudflare.
Cloudflare is also the owner of WARP, and the reason why WARP cannot be blocked: they can't get rid of Cloudflare.
Cloudflare is actually a private company, but with their "free" reverse proxy service that protects sites from DDoS attacks, bots, and some specific attack types, hides the IP addresses of sites, and acts as an intermediary between visitors (you) and the server (technopat), it has almost become indispensable for a modern internet site.
This way, those who visit technopat.net actually never know the real IP address of the servers hosting technopat.net.
They go to Cloudflare and say "Hello, forward this request to technopat," waiting for Cloudflare's response. It can be seen in more detail in the diagram below.
As seen, Cloudflare hosts multiple sites, and often a single Cloudflare IP address can belong to thousands of different domains.
The only thing that separates them is a parameter called "Host."
Blocking Method #1: Domain Blocking (DNS Block)
What is DNS?
Normally, when you want to visit "technopat.net," your browser doesn't understand it.
The browser can only communicate with IP addresses consisting of numbers; letters such as "t, c, h, pat" are meaningless.
To solve this problem, there is a system called "DNS," which stands for "Domain Name System." Let's examine the diagram below.
In short, it is a system that converts the domain you visit into an IP address. It uses the DNS server determined by your Internet provider by default, and this DNS server is completely controlled by the ISP. It can be modified by the government upon legal requests.
Blocking a domain in this way is generally a cheap and simple method. Upon legal request, the records stored in the DNS are modified by xTelekom,
and a block page is placed instead. Below, we can see what a blocked technopat.net's DNS query looks like.
Now all xTelekom users who want to go to "technopat.net" will send a request to the IP address 88.2.100.5 and encounter the block page.
Of course, this is a cheap method that does not require actively monitoring traffic, so almost every ISP implements it.
Blocking Method #2: IP Address Block
(This method is not applied to sites using Cloudflare,
because blocking a Cloudflare IP is the same as blocking thousands of sites)
The "IP addresses" mentioned above can be completely blocked by the Internet Service Provider (ISP).
For example, if a visitor uses a different DNS server (like 8.8.8.8), it becomes necessary to block the direct IP address of the site
because the domain-to-IP mapping process occurs outside the control of the Internet Service Provider.
Blocking Method #3: Deep Packet Inspection (DPI)
The "Host" parameter I mentioned at the beginning; is a parameter that the Internet service providers who want to censor sites detect and block using a method called "DPI" (Deep Packet Inspection). Although DPI is generally an expensive method and not preferred much, it is one of the most difficult methods to bypass because:
- Changing DNS does not help. The Host header is not related to DNS lookup.
- Proxies may not help. Some proxies do not encrypt the Host header, so the ISP intercepts and blocks it.
In addition, normally HTTPS traffic is encrypted with SSL. However, the Host parameter is an exception. The Host is never encrypted
In this article, I will focus more on the technical aspect rather than the political aspect and use some technical terms,
Below you can find a list of these terms and their explanations.
PS: No bypass method is shared in the article.
IP Address
A unique number series assigned to all devices connected to the Internet, including internet sites.
In V4 format (between 0.0.0.0 and 255.255.255.255 =~ There are a total of 4 billion total V4 addresses)
There are also V6 addresses, but V6 addresses have not yet been fully introduced in Turkey.
So, in this article, I will talk about classic IPv4 addresses.
If you are reading this; the request coming from the "77.248.**.*" IP address assigned by your internet provider
has reached the "185.77.*.***" IP address belonging to technopat.net. And as a response, Technopat has sent back the HTML code of this page to your IP address.
(The IPs are symbolic)
Cloudflare (abbreviated as CF)
A massive infrastructure with hundreds of servers worldwide in 2023... Cloudflare.
Cloudflare is also the owner of WARP, and the reason why WARP cannot be blocked: they can't get rid of Cloudflare.
Cloudflare is actually a private company, but with their "free" reverse proxy service that protects sites from DDoS attacks, bots, and some specific attack types, hides the IP addresses of sites, and acts as an intermediary between visitors (you) and the server (technopat), it has almost become indispensable for a modern internet site.
This way, those who visit technopat.net actually never know the real IP address of the servers hosting technopat.net.
They go to Cloudflare and say "Hello, forward this request to technopat," waiting for Cloudflare's response. It can be seen in more detail in the diagram below.
As seen, Cloudflare hosts multiple sites, and often a single Cloudflare IP address can belong to thousands of different domains.
The only thing that separates them is a parameter called "Host."
Blocking Method #1: Domain Blocking (DNS Block)
What is DNS?
Normally, when you want to visit "technopat.net," your browser doesn't understand it.
The browser can only communicate with IP addresses consisting of numbers; letters such as "t, c, h, pat" are meaningless.
To solve this problem, there is a system called "DNS," which stands for "Domain Name System." Let's examine the diagram below.
In short, it is a system that converts the domain you visit into an IP address. It uses the DNS server determined by your Internet provider by default, and this DNS server is completely controlled by the ISP. It can be modified by the government upon legal requests.
Blocking a domain in this way is generally a cheap and simple method. Upon legal request, the records stored in the DNS are modified by xTelekom,
and a block page is placed instead. Below, we can see what a blocked technopat.net's DNS query looks like.
Now all xTelekom users who want to go to "technopat.net" will send a request to the IP address 88.2.100.5 and encounter the block page.
Of course, this is a cheap method that does not require actively monitoring traffic, so almost every ISP implements it.
Blocking Method #2: IP Address Block
(This method is not applied to sites using Cloudflare,
because blocking a Cloudflare IP is the same as blocking thousands of sites)
The "IP addresses" mentioned above can be completely blocked by the Internet Service Provider (ISP).
For example, if a visitor uses a different DNS server (like 8.8.8.8), it becomes necessary to block the direct IP address of the site
because the domain-to-IP mapping process occurs outside the control of the Internet Service Provider.
Blocking Method #3: Deep Packet Inspection (DPI)
The "Host" parameter I mentioned at the beginning; is a parameter that the Internet service providers who want to censor sites detect and block using a method called "DPI" (Deep Packet Inspection). Although DPI is generally an expensive method and not preferred much, it is one of the most difficult methods to bypass because:
- Changing DNS does not help. The Host header is not related to DNS lookup.
- Proxies may not help. Some proxies do not encrypt the Host header, so the ISP intercepts and blocks it.
In addition, normally HTTPS traffic is encrypted with SSL. However, the Host parameter is an exception. The Host is never encrypted