Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: Bypassing website filter in SonicWall
From: Robert Bihlmeyer <robbe () orcus priv at>
Date: Wed, 30 Oct 2002 14:12:27 +0100 (CET)

Marc Ruef <marc.ruef () computec ch> writes:

I found a little weakness in SonicWall: I turn on the blocking
mechanism for websites (e.g. www.google.com). Now I can't reach the
website using the domainname. But if I choose the IP address of the
host (e.g. http://216.239.53.101/), I can contact the forbidden
website.

This should probably be documented better. This feature relies only on
the HTTP/1.0+ Host field, nothing else (like the connection's
destination). It's mainly useful when you want to block one virtual
hosts, not a whole machine potentially hosting thousands of them.

If you want to block a whole machine, go with the firewall rules. You
lose the stylish blocking page, though...

It would make sense if you can do an internal nslookup.

Probably. But this interface isn't for people blocking more than a
handful of domains, anyway. For a small number it's still viable to
enter both names & numbers.

-- 
Robbe


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]